

Fabi41
Members
Content count: 26
Everything posted by Fabi41
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
OK, very good. One last little thing: how do I disable the infected System Restore and create a new, clean one? How do I mark my post as solved?
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
There, all the operations have been carried out. I was able to reinstall Internet Explorer 8 and it works. I no longer get virus alert messages. Can I consider my PC clean? Is there one last check to do? Otherwise, thank you for your patience and your very valuable help. Best regards, Fabian
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
Under my personal account I have Google Chrome and my internet connection works. For some business applications I need Internet Explorer. Under the administrator account I don't have Google Chrome and Internet Explorer doesn't work.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
I followed your command to the letter. Good news: the login works again. Bad news: Internet Explorer doesn't work. Good news: no alerts so far.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
Cijoint.fr - Free file hosting service
Here is the report.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
Here is the report.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware Analysis and Removal
Here is the report again.
OTL logfile created on: 11/22/2010 1:56:03 PM - Run OTLPE by OldTimer - Version 3.1.43.0
---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT [2010/11/16 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It! [2010/11/16 15:18:32 | 004,784,376 | ---- | C] (Curio Lab) -- C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe [2010/11/16 13:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Malwarebytes [2010/11/16 08:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes [2010/11/16 08:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/16 08:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/16 08:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/16 08:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD [2010/11/16 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/11/16 05:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help [2010/11/16 05:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help [2010/11/16 02:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 02:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 02:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 02:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2 [2010/11/16 02:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis [2010/11/16 02:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chupinf\Recent [2010/11/16 02:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\AVERT [2010/11/16 01:59:58 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Chupinf\Application Data\PCFix [2010/11/12 08:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/11/12 08:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix [2010/11/12 06:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/11/12 04:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010/11/11 15:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/11/08 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint [2010/11/08 14:59:40 | 017,873,152 | ---- | C] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe [2010/11/08 14:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Iceni [2010/11/08 14:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995 [2010/11/08 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter [2010/11/08 09:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft [2010/11/07 14:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads [2010/11/07 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache [2010/11/07 14:11:36 | 004,680,289 | ---- | C] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe [2010/11/03 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni [2010/11/03 12:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll [2010/11/03 12:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe [2010/11/03 12:15:15 | 000,077,824 | ---- | C] (ActMask 
Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe [2010/11/03 12:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010/11/03 12:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe [2010/11/03 12:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe [2010/11/03 12:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe [2010/11/03 12:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe [2010/11/03 12:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF [2010/11/03 12:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni [2010/11/03 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni [2010/11/03 12:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell [2010/11/02 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2010/11/02 11:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2010/11/02 04:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Apple Computer [2010/11/02 04:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Apple Computer [2010/10/29 05:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe [2010/10/29 05:41:37 | 000,000,000 | ---D | C] -- C:\boot [2010/10/29 05:41:34 | 000,000,000 | ---D | C] -- C:\Sources [2010/10/29 05:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider [2010/10/29 05:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro [2010/10/27 07:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/10/27 07:32:06 | 000,153,376 | ---- | C] 
(Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/10/27 07:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/10/27 07:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010/10/27 07:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3 [2010/10/27 06:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc [2010/10/27 06:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP [2010/10/27 06:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs [2010/10/27 06:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe [2010/10/27 04:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla [2010/10/27 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia [2010/10/27 03:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe [2010/10/27 03:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE [2010/10/27 03:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air [2010/10/27 03:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony [2010/10/27 03:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts [2010/10/27 03:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go [2010/10/27 03:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos [2010/10/27 03:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2010/10/27 03:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations [2010/10/27 03:37:25 | 000,000,000 
| ---D | C] -- C:\Program Files\Sony [2010/10/27 03:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun [2010/10/27 03:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/10/27 03:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/27 03:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple [2010/10/27 03:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/10/27 03:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer [2010/10/27 03:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony [2010/10/27 03:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson [2010/10/27 03:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio [2010/10/27 03:31:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\AdmTmp\IETldCache [2010/10/27 02:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson ========== Files - Modified Within 30 Days ========== [2010/11/22 13:51:19 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/11/22 08:51:57 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT [2010/11/21 16:14:05 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job [2010/11/21 16:13:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\AdmTmp\ntuser.ini [2010/11/21 16:13:56 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\AdmTmp\NTUSER.DAT [2010/11/21 16:12:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/11/21 16:12:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT [2010/11/21 16:12:23 | 000,002,048 | --S- | M] () -- 
C:\WINDOWS\bootstat.dat [2010/11/21 14:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job [2010/11/21 14:40:40 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT [2010/11/20 14:01:07 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job [2010/11/20 12:28:14 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/11/20 12:28:14 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/20 12:28:14 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/20 08:11:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chupinf\ntuser.ini [2010/11/20 06:29:08 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/20 06:24:50 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini [2010/11/20 03:38:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/19 08:59:37 | 003,712,744 | -H-- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\IconCache.db [2010/11/19 07:54:02 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe [2010/11/19 06:29:23 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\sdsetup[1].exe [2010/11/19 06:18:13 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\eBay.lnk [2010/11/19 06:18:13 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk [2010/11/19 05:30:21 | 000,425,140 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/11/19 04:28:18 | 001,015,869 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\unlocker1.9.0.exe [2010/11/19 03:09:56 | 000,006,497 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010/11/19 02:37:54 | 000,061,952 | ---- | M] (Macromedia, Inc.) 
-- C:\WINDOWS\System32\userinitmgr.exe [2010/11/18 16:09:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 15:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101119-113021.backup [2010/11/18 14:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 14:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 13:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 05:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/11/16 16:06:51 | 000,068,640 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/11/16 15:18:53 | 004,784,376 | ---- | M] (Curio Lab) -- C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe [2010/11/16 15:01:19 | 000,817,050 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg [2010/11/16 15:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job [2010/11/16 07:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 07:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 07:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 06:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 05:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 03:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/16 02:41:30 | 000,037,600 | ---- | M] 
(Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 02:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 02:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/11/16 02:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010/11/16 02:35:31 | 005,336,210 | -H-- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\IconCache.db [2010/11/12 08:12:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache [2010/11/11 15:42:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat [2010/11/11 15:20:09 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 15:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/08 15:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 15:01:55 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Google Chrome.lnk [2010/11/08 15:01:55 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2010/11/08 14:59:43 | 017,873,152 | ---- | M] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe [2010/11/08 14:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 14:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 14:54:48 | 002,684,312 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe [2010/11/08 10:35:37 | 003,014,282 | ---- | M] () -- C:\Documents and 
Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip [2010/11/07 19:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010/11/07 14:27:41 | 000,589,480 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/11/07 14:11:41 | 004,680,289 | ---- | M] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe [2010/11/02 04:52:10 | 000,068,640 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/10/29 06:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 05:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin [2010/10/29 05:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1 [2010/10/29 05:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini [2010/10/29 05:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/29 05:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern [2010/10/29 05:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini [2010/10/27 07:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 04:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 03:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 03:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 03:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/27 02:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010/10/27 02:21:00 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk [2010/10/27 
02:20:05 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe ========== Files Created - No Company Name ========== [2010/11/19 06:29:23 | 000,507,360 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\sdsetup[1].exe [2010/11/19 04:28:30 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\eBay.lnk [2010/11/19 04:28:30 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk [2010/11/19 04:28:14 | 001,015,869 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\unlocker1.9.0.exe [2010/11/19 02:18:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 16:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 14:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 13:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 05:23:15 | 000,000,210 | ---- | C] () -- C:\Boot.bak [2010/11/18 05:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr [2010/11/18 05:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/18 05:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/18 05:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/18 05:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/18 05:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/16 15:00:43 | 000,817,050 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg [2010/11/16 08:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 07:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 07:13:49 | 000,000,936 | ---- | C] () -- 
C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 06:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 02:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/12 08:12:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache [2010/11/11 15:42:22 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat [2010/11/08 14:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 14:54:35 | 002,684,312 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe [2010/11/08 10:35:31 | 003,014,282 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip [2010/11/03 12:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2010/11/03 12:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe [2010/11/03 12:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2010/11/03 12:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav [2010/11/03 12:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV [2010/11/03 12:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV [2010/11/03 12:15:06 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/10/29 05:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1 [2010/10/29 05:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini [2010/10/29 05:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR [2010/10/29 05:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin [2010/10/29 05:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini [2010/10/29 05:41:16 | 000,086,056 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\dcsnap.sys [2010/10/29 05:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern [2010/10/29 05:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init [2010/10/29 05:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO [2010/10/29 05:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN [2010/10/29 05:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN [2010/10/29 05:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 05:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys [2010/10/27 07:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 07:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat [2010/10/27 06:51:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/27 04:03:48 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 03:59:36 | 000,068,640 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/10/27 03:37:00 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 03:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 02:21:00 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk [2010/10/27 02:19:45 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/09/20 07:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2010/09/01 09:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010/08/31 10:27:25 | 000,008,106 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\config [2010/08/26 11:40:22 | 005,336,210 | -H-- | C] () -- C:\Documents and 
Settings\Chupinf\Local Settings\Application Data\IconCache.db [2010/08/26 11:34:13 | 000,068,640 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/08/26 06:58:41 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/26 06:46:36 | 000,004,724 | RHS- | C] () -- C:\Documents and Settings\Chupinf\ntuser.pol [2010/08/26 06:46:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Chupinf\ntuser.ini [2010/08/26 06:46:34 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT [2010/08/26 06:46:34 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT.LOG [2010/08/26 06:46:34 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Chupinf\Application Data\desktop.ini [2010/08/26 05:53:13 | 003,217,838 | -H-- | C] () -- C:\Documents and Settings\2ddh\Local Settings\Application Data\IconCache.db [2010/08/26 05:47:00 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\2ddh\ntuser.ini [2010/08/26 05:46:59 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\2ddh\NTUSER.DAT [2010/08/26 05:46:59 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\2ddh\ntuser.dat.LOG [2010/08/26 05:46:59 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\2ddh\Application Data\desktop.ini [2010/08/26 04:48:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/29 07:25:22 | 000,589,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/29 05:06:43 | 000,068,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2010/06/11 07:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del [2010/06/11 06:47:46 | 000,056,056 | ---- | C] 
() -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010/06/11 06:47:45 | 000,006,497 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/06/11 06:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/05/12 05:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/05/12 05:35:56 | 004,815,212 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db [2010/05/12 05:30:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini [2010/05/12 05:30:13 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2010/05/12 05:30:13 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG [2010/05/12 05:30:13 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini [2010/04/22 15:36:03 | 002,679,032 | -H-- | C] () -- C:\Documents and Settings\9LocTempInst\Local Settings\Application Data\IconCache.db [2010/04/22 15:35:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\9LocTempInst\ntuser.dat.LOG [2010/04/22 15:35:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\9LocTempInst\ntuser.ini [2010/04/22 15:35:11 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\9LocTempInst\Application Data\desktop.ini [2010/04/22 15:35:10 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\9LocTempInst\NTUSER.DAT [2010/04/22 14:33:56 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat [2010/04/22 14:33:56 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG [2010/04/22 14:31:18 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\AdmTmp\WebAccess.cmd [2010/04/22 03:26:03 | 002,148,138 | -H-- | C] () -- C:\Documents and Settings\9DomTempInst\Local Settings\Application Data\IconCache.db [2010/04/22 03:17:53 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\9DomTempInst\ntuser.dat.LOG [2010/04/22 
03:17:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\9DomTempInst\ntuser.ini
[2010/04/22 03:17:53 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\9DomTempInst\Application Data\desktop.ini
[2010/04/22 03:17:52 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\9DomTempInst\NTUSER.DAT
[2010/04/14 17:09:27 | 003,712,744 | -H-- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\IconCache.db
[2010/04/14 17:00:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\AdmTmp\ntuser.ini
[2010/04/14 17:00:02 | 007,077,888 | -H-- | C] () -- C:\Documents and Settings\AdmTmp\NTUSER.DAT
[2010/04/14 17:00:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\AdmTmp\ntuser.dat.LOG
[2010/04/14 17:00:02 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\desktop.ini
[2010/04/14 16:59:14 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2010/04/14 16:59:13 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/04/14 16:59:13 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2010/04/14 16:58:20 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2010/04/14 16:58:19 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/14 16:58:19 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2010/04/14 16:57:32 | 000,000,062 | -HS- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini
[2010/04/14 16:55:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2010/04/14 16:51:36 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2010/04/14 16:51:36 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2010/04/14 16:50:50 | 000,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2010/04/14 16:50:49 | 000,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2010/04/14 09:45:23 | 000,551,164 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/14 09:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 09:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/14 07:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2008/04/14 07:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008/04/14 07:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/04/14 07:00:00 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2008/04/14 07:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/04/14 07:00:00 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2008/04/14 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008/04/14 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2008/04/14 07:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008/04/14 07:00:00 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatUI.dll
[2008/04/14 07:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008/04/14 07:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2008/04/14 07:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008/04/14 07:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008/04/14 07:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2008/04/14 07:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2008/04/14 07:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008/04/14 07:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008/04/14 07:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008/04/14 07:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008/04/14 07:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008/04/14 07:00:00 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/04/14 07:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008/04/14 07:00:00 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008/04/14 07:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008/04/14 07:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008/04/14 07:00:00 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008/04/14 07:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008/04/14 07:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008/04/14 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008/04/14 07:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008/04/14 07:00:00 | 000,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008/04/14 07:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2008/04/14 07:00:00 | 000,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2008/04/14 07:00:00 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2008/04/14 07:00:00 | 000,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008/04/14 07:00:00 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008/04/14 07:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/04/14 07:00:00 | 000,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008/04/14 07:00:00 | 000,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008/04/14 07:00:00 | 000,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008/04/14 07:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2008/04/14 07:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008/04/14 07:00:00 | 000,001,350 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 07:00:00 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008/04/14 07:00:00 | 000,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/04/14 07:00:00 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2007/09/27 12:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/24 16:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 16:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/06/29 16:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 16:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 17:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 17:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2001/08/17 17:36:28 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001/07/06 08:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/06 19:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
========== LOP Check ==========
[2010/08/26 05:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\2ddh\Application Data\ICAClient
[2010/04/22 03:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\9DomTempInst\Application Data\ICAClient
[2010/06/29 07:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2010/06/29 07:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2010/11/16 16:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache
[2010/11/03 12:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni
[2010/11/12 08:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix
[2010/10/27 03:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AdmTmp\Application Data\Sony
[2010/09/24 10:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Autodesk
[2010/09/02 03:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\CamfrogWEB
[2010/09/10 09:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\CrazyLoader
[2010/09/13 07:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\FDRLab
[2010/09/10 02:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\ICAClient
[2010/09/01 09:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Netviewer
[2010/11/16 02:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\PCFix
[2010/09/24 08:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Thinstall
[2010/10/14 07:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Utherverse
[2010/09/08 06:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chupinf\Application Data\Windows Search
[2010/11/21 16:14:05 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job
[2010/11/21 14:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job
========== Purity Check ==========
========== Custom Scans ==========
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AEC.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2008/04/14 00:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ERDNT\cache\aec.sys
[2008/04/14 00:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\dllcache\aec.sys
[2008/04/14 00:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ALG.EXE >
[2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\system32\alg.exe
[2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINDOWS\system32\dllcache\alg.exe
< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< MD5 for: CDROM.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/14 07:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CSRSS.EXE >
[2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/14 07:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe
< MD5 for: CTFMON.EXE >
[2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINDOWS\ERDNT\cache\ctfmon.exe
[2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINDOWS\system32\ctfmon.exe
[2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINDOWS\system32\dllcache\ctfmon.exe
< MD5 for: DISK.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: I8042PRT.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008/04/14 02:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\dllcache\i8042prt.sys
[2008/04/14 02:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2008/04/14 07:00:00 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\i8042prt.sys
< MD5 for: IASTOR.SYS >
[2008/07/21 00:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys
< MD5 for: IMAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:imapi.sys
[2008/04/14 07:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys
< MD5 for: INTELIDE.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:intelide.sys
< MD5 for: MOUNTMGR.SYS >
[2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\dllcache\mountmgr.sys
[2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
< MD5 for: MRXSMB.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2008/10/24 06:41:12 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
< MD5 for: NDIS.SYS >
[2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVGTS.SYS >
[2008/01/21 13:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys
< MD5 for: NVRD32.SYS >
[2008/01/21 13:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys
< MD5 for: RASACD.SYS >
[2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
< MD5 for: RDPCDD.SYS >
[2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\dllcache\rdpcdd.sys
[2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINDOWS\system32\drivers\rdpcdd.sys
< MD5 for: REDBOOK.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINDOWS\system32\drivers\redbook.sys
< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 06:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:06 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
< MD5 for: SMSS.EXE >
[2008/04/14 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008/04/14 07:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004/08/03 19:03:38 | 000,176,128 | ---- | M] (Microsoft Corporation) MD5=D231F62EA6BB1E793E05ABDCFF3E2EFF -- C:\cmdcons\SYSTEM32\SMSS.EXE
< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: TERMDD.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
[2008/04/14 07:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WIN32K.SYS >
[2010/08/31 08:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2010/05/02 01:34:15 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2010/08/31 08:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) MD5=A77B5764CD2106D36148CB5E5DDF6BC6 -- C:\WINDOWS\system32\win32k.sys
[2010/06/23 21:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2009/08/14 19:49:40 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:58 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/09/10 00:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/09/10 00:58:06 | 001,986,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/14 07:00:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 07:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2010/07/27 01:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010/04/14 09:43:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/04/14 09:43:14 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/04/14 09:43:14 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< CREATERESTOREPOINT >
< End of report >
-
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Here is the report from the OTLPE scan. If it helps, I think I accidentally deleted a userinit file in the registry. Thanks for all the energy you are putting into this. Cijoint.fr - Service gratuit de dépôt de fichiers -
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
So, I followed the suggested procedures to the letter, but nothing seems any better. I still have a problem with watermark.exe, which carries the virus. I finally ran a scan with Norman Malware Cleaner, and since then I can no longer log in (that is, even in Safe Mode I have to enter my username and password, the system does a login/logoff and comes back to the Ctrl+Alt+Del window asking for username and password). What should I do? -
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
I am also looking on my side. If it helps, the file watermark.exe worries me a lot; moreover, I cannot delete it (even with Unlocker). -
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Hello, I think we will have to call in the team. VirusScan still detects this W32/NGVCK on the files jqsmgr.exe, iexplorermgr.exe and AcroRd32mgr.exe. Well well, only *mgr.exe files, some of which are hidden. -
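The pattern the poster notices, a hidden "<name>mgr.exe" dropped beside a legitimate "<name>.exe" (jqs.exe and jqsmgr.exe, AcroRd32.exe and AcroRd32mgr.exe), is the footprint of a companion-style infection, and an antivirus that only quarantines the files it matches will leave any companion it does not recognise in place. The walker below is an added example built from that observation; it is not part of the thread and not a signature for any particular family. It reports every *mgr.exe that is not on a small allowlist, with verdict "companion" when a matching host sits in the same directory and "review" otherwise. The second verdict matters for the poster's own list: iexplorermgr.exe has no iexplorer.exe host (Internet Explorer's binary is iexplore.exe), so a pure pairing check would miss it. The "mgr.exe" suffix, the taskmgr.exe allowlist and the directory layout (created in a temporary folder with placeholder contents) are this example's assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

SUFFIX = "mgr.exe"
# Assumption: legitimate Windows binaries ending in "mgr.exe" that should not be reported.
KNOWN_MGR = {"taskmgr.exe"}


def is_hidden(path):
    """True if the file carries the Windows hidden attribute; always False off Windows."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def find_companions(root):
    """Walk root and report every *mgr.exe that is not on the allowlist.

    verdict "companion": a <name>.exe host sits in the same directory
                         (the jqs.exe / jqsmgr.exe pattern from the post);
    verdict "review":    no host found, e.g. iexplorermgr.exe next to iexplore.exe.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for low, original in by_lower.items():
            if not low.endswith(SUFFIX) or low in KNOWN_MGR:
                continue
            host = by_lower.get(low[: -len(SUFFIX)] + ".exe")
            companion = Path(dirpath) / original
            findings.append({
                "companion": str(companion),
                "host": str(Path(dirpath) / host) if host else None,
                "hidden": is_hidden(companion),
                "verdict": "companion" if host else "review",
            })
    return sorted(findings, key=lambda f: f["companion"].lower())


def build_demo_tree(base):
    """Constructed layout mirroring the post; file contents are placeholders, not real PE files."""
    layout = {
        "Program Files/Java/jre6/bin": ["jqs.exe", "jqsmgr.exe"],
        "Program Files/Adobe/Reader 8.0/Reader": ["AcroRd32.exe", "AcroRd32mgr.exe"],
        "Program Files/Internet Explorer": ["iexplore.exe", "iexplorermgr.exe"],
        "WINDOWS/system32": ["taskmgr.exe", "notepad.exe"],
    }
    for rel, names in layout.items():
        d = Path(base) / rel
        d.mkdir(parents=True, exist_ok=True)
        for name in names:
            (d / name).write_bytes(b"MZ" + b"\x00" * 62)


def demo():
    """Scan the constructed tree; returns {companion basename (lowercase): verdict}."""
    with tempfile.TemporaryDirectory() as base:
        build_demo_tree(base)
        return {os.path.basename(f["companion"]).lower(): f["verdict"]
                for f in find_companions(base)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

On the infected machine the scan would be pointed at C:\Program Files and C:\WINDOWS, and the hidden flag is the useful second signal, since the poster reports that some of the companions are hidden. A hit here still needs confirmation (hash the file, check its signature and submit it), and the allowlist is intentionally tiny: a false "review" on a legitimate *mgr.exe is cheap, while a missed companion reinfects the host the next time it runs.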
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Here is the new OTL report in normal mode.
OTL logfile created on: 11/18/2010 10:24:20 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\AdmTmp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.00 Gb Total Space | 21.41 Gb Free Space | 59.47% Space Free | Partition Type: NTFS
Drive D: | 38.41 Gb Total Space | 23.65 Gb Free Space | 61.57% Space Free | Partition Type: NTFS
Drive E: | 77.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NBUR329 | User Name: AdmTmp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation)
========== Win32 Services (SafeList) ==========
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe File not found
SRV - (Tran_Process_Proc) -- C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe File not found
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File not found
SRV - (OCS INVENTORY) -- C:\Program Files\OCS Inventory Agent\ocsservice.exe File not found
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe File not found
SRV - (FBAgent) -- C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (DCScheduler) -- C:\Program Files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys File not found
DRV - (SAVOnAccessControl) -- C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys File not found
DRV - (DVDRC) -- C:\WINDOWS\System32\drivers\DVDRC.sys File not found
DRV - (catchme) -- C:\DOCUME~1\AdmTmp\LOCALS~1\Temp\catchme.sys File not found
DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (FARMNTIO) -- C:\WINDOWS\system32\drivers\FarMntIo.sys ()
DRV - (dcsnap) -- C:\WINDOWS\System32\drivers\dcsnap.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 15:48:13 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/11/18 21:31:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)
O4 - HKLM..\RunOnce: [WMC_0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl 
Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/14 22:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/11/17 10:04:14 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2010/11/17 10:04:13 | 000,000,071 | R--- | M] () - E:\AUTORUN_USB.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - 
HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/18 22:23:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe [2010/11/18 22:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore [2010/11/18 21:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/11/18 21:33:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe [2010/11/18 21:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/11/18 20:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdmTmp\Recent [2010/11/18 20:23:53 | 000,000,000 | ---D | C] -- C:\Kill'em [2010/11/18 20:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em [2010/11/18 20:19:46 | 003,285,305 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 19:48:39 | 000,000,000 | ---D | C] -- C:\_OTL [2010/11/18 11:23:08 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/11/18 11:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/11/18 11:20:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/11/18 11:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/11/18 11:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/11/18 11:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/11/18 11:18:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/11/16 22:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT [2010/11/16 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It! 
[2010/11/16 14:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes [2010/11/16 14:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/16 14:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/11/16 14:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD [2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help [2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help [2010/11/16 08:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo [2010/11/16 08:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 08:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 08:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2 [2010/11/16 08:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis [2010/11/12 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/11/12 14:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix [2010/11/12 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/11/12 10:18:15 | 000,000,000 | ---D | C] 
-- C:\WINDOWS\BDOSCAN8 [2010/11/11 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/11/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint [2010/11/08 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2010/11/08 20:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995 [2010/11/08 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft [2010/11/07 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads [2010/11/07 20:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache [2010/11/03 18:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni [2010/11/03 18:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll [2010/11/03 18:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe [2010/11/03 18:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe [2010/11/03 18:15:10 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\All Users\Application Data\Temp [2010/11/03 18:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010/11/03 18:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe [2010/11/03 18:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe [2010/11/03 18:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe [2010/11/03 18:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe [2010/11/03 18:15:08 | 000,000,000 | ---D | C] 
-- C:\WINDOWS\Infix PDF [2010/11/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aspell [2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iceni [2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni [2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni [2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell [2010/11/02 18:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2010/11/02 17:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2010/10/29 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fscltdcn [2010/10/29 11:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe [2010/10/29 11:41:37 | 000,000,000 | ---D | C] -- C:\boot [2010/10/29 11:41:34 | 000,000,000 | ---D | C] -- C:\Sources [2010/10/29 11:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider [2010/10/29 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farstone [2010/10/29 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro [2010/10/27 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/10/27 13:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010/10/27 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3 [2010/10/27 12:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc [2010/10/27 12:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP [2010/10/27 12:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs [2010/10/27 12:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe [2010/10/27 10:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla [2010/10/27 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010/10/27 09:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia [2010/10/27 09:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe [2010/10/27 09:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE [2010/10/27 09:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air [2010/10/27 09:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony [2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts [2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go [2010/10/27 09:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos [2010/10/27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2010/10/27 09:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations [2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation [2010/10/27 09:37:25 | 000,000,000 
| ---D | C] -- C:\Program Files\Sony [2010/10/27 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun [2010/10/27 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/10/27 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/27 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/10/27 09:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple [2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/10/27 09:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer [2010/10/27 09:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony [2010/10/27 09:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson [2010/10/27 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson [2010/10/27 09:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio [2010/10/27 09:31:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\IETldCache [2010/10/27 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/18 22:31:15 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 22:30:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job [2010/11/18 22:24:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and 
Settings\AdmTmp\Desktop\OTL.exe [2010/11/18 22:09:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 22:09:45 | 000,000,661 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\SpyNoMore.lnk [2010/11/18 22:01:04 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job [2010/11/18 21:56:18 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/18 21:56:18 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/18 21:53:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/18 21:50:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/18 21:33:40 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe [2010/11/18 21:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/11/18 20:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 20:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 19:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 11:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/11/18 07:44:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job [2010/11/16 21:18:58 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk [2010/11/16 21:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job [2010/11/16 14:27:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/16 13:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 13:34:11 | 000,006,385 | ---- | M] () -- 
C:\WINDOWS\wininit.ini [2010/11/16 13:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 13:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 12:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 11:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 09:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/16 08:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 08:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 08:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/11/16 08:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010/11/08 21:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/08 21:17:48 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk [2010/11/08 21:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 20:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 20:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010/10/29 12:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 11:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin [2010/10/29 11:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1 [2010/10/29 
11:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini [2010/10/29 11:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/29 11:41:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk [2010/10/29 11:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern [2010/10/29 11:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini [2010/10/27 13:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 10:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 09:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 09:37:00 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/27 09:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 09:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/27 08:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/18 22:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys [2010/11/18 22:09:45 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\SpyNoMore.lnk [2010/11/18 21:33:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 20:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 19:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 11:23:15 | 000,000,210 | 
---- | C] () -- C:\Boot.bak [2010/11/18 11:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr [2010/11/18 11:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/18 11:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/18 11:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/18 11:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/18 11:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/16 21:18:58 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk [2010/11/16 14:27:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/16 14:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 13:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 13:13:49 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 12:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 08:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/08 20:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/03 18:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2010/11/03 18:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe [2010/11/03 18:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2010/11/03 18:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav [2010/11/03 18:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV [2010/11/03 18:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV [2010/11/03 18:15:06 | 000,000,692 | ---- | C] () -- 
C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/03 18:15:06 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk [2010/10/29 11:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1 [2010/10/29 11:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini [2010/10/29 11:41:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk [2010/10/29 11:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR [2010/10/29 11:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin [2010/10/29 11:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini [2010/10/29 11:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys [2010/10/29 11:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern [2010/10/29 11:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init [2010/10/29 11:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO [2010/10/29 11:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN [2010/10/29 11:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN [2010/10/29 11:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 11:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys [2010/10/27 13:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 13:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat [2010/10/27 12:51:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/27 10:03:48 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 09:37:00 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 09:37:00 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All 
Users\Desktop\QuickTime Player.lnk [2010/10/27 09:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/09/20 13:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2010/09/01 15:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010/08/27 13:05:27 | 000,007,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2010/06/29 13:25:22 | 000,589,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/11 13:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del [2010/06/11 12:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010/06/11 12:47:45 | 000,006,385 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/06/11 12:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/05/12 11:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/04/14 15:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/14 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008/04/14 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008/04/14 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008/04/14 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008/04/14 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2007/09/27 18:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 18:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 18:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/07/03 20:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini 
[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2001/07/06 14:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv < End of report > -
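The report above carries a handful of entries a responder reads before anything else: the Winlogon UserInit value points at c:\Program Files\Microsoft\WaterMark.exe with an empty company string, a RunOnce entry launches cmd.ex e, C:\WINDOWS\explorermgr.exe appeared the same evening with a "Macromedia" company string, and a 1 152-byte windrv.sys with no company sits in System32. The script below is an added example from the editor, not part of the thread and not part of OTL: it parses those three OTL line formats (O4, O20 and the file-list entries) and flags such entries mechanically. The sample input is copied from the report; the expected Winlogon values and the interpreter list are the editor's assumptions about a stock Windows XP install, so adjust them for another Windows release.

```python
"""Triage of the O4 / O20 / file-list lines of an OTL report (added example)."""
import re
from dataclasses import dataclass
from typing import List

SYSTEM_ROOT = r"C:\WINDOWS"  # taken from the report's %SystemRoot% line

# Assumed stock Windows XP values; any other path, or an empty company, is a logon hijack.
EXPECTED_WINLOGON = {
    "Shell": SYSTEM_ROOT + r"\explorer.exe",
    "UserInit": SYSTEM_ROOT + r"\system32\userinit.exe",
}
# Assumed list of script hosts whose presence in Run/RunOnce needs its command line reviewed.
INTERPRETERS = {"cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Core binary names that malware pads (explorer -> explorermgr) to blend in.
CORE_STEMS = ("explorer", "svchost", "winlogon", "userinit", "lsass", "csrss", "services")

# Lines copied from the OTL report above: the subset that exercises each rule.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\RunOnce: [WMC_0] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
[2010/11/18 21:33:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe
[2010/11/18 22:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2010/11/18 11:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
"""

# OTL prints "<path> (<company>)"; the company is always the last parenthesised group.
O4_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(Run|RunOnce): \[(.*?)\] (.*) \((.*)\)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (.*) \((.*)\)$")
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| ([\d,]+) \| \S{4} \| [CM]\] \((.*)\) -- (.*)$")


@dataclass
class Finding:
    kind: str
    path: str
    reason: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(report: str) -> List[Finding]:
    """Return one Finding per line that breaks a rule; unrecognised lines are ignored."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in report.splitlines()):
        m = O20_RE.match(line)
        if m:
            key, _raw_value, path, company = m.groups()
            expected = EXPECTED_WINLOGON[key]
            if path.lower() != expected.lower() or not company:
                findings.append(Finding("O20", path, f"Winlogon {key} hijacked; expected {expected}"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, name, path, _company = m.groups()
            if basename(path) in INTERPRETERS:
                findings.append(Finding("O4", path, f"{hive}\\{key} [{name}] launches an interpreter; review its command line"))
            continue
        m = FILE_RE.match(line)
        if m:
            _size, company, path = m.groups()
            name = basename(path)
            stem = name.rsplit(".", 1)[0]
            lookalike = next((c for c in CORE_STEMS if stem != c and stem.startswith(c)), None)
            if lookalike:
                findings.append(Finding("FILE", path, f"name mimics system binary {lookalike}.exe"))
            elif not company and name.endswith((".exe", ".dll", ".sys")) and path.lower().startswith(SYSTEM_ROOT.lower()):
                findings.append(Finding("FILE", path, "PE file under %SystemRoot% with no version-info company"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:5} {f.path}\n      {f.reason}")
```

Run against the sample it reports exactly the four entries named above and stays silent on udaterui.exe, PrintDisp.exe, the stock Shell value and NIRCMD.exe (a ComboFix helper with a proper company string). The rules are deliberately narrow: a missing company string is only a hint, because OTL reads it from the version resource, not from an Authenticode signature.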
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Also, in normal mode OTL is systematically deleted by my antivirus ??? -
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
I still get these same alerts: wmplayer.exe and setup_wm.exe in the directory c:\Program Files\Windows Media Player detected as W32/NGVCK ???? -
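The same detection name on two unrelated executables in one directory is the pattern a responder checks for a file infector rather than a dropped binary: an infector rewrites the host's PE headers, typically by appending or enlarging the last section, marking it writable and executable, and moving AddressOfEntryPoint into it so its code runs before the host. The check below is an added example from the editor, not part of the thread and not an antivirus signature: it parses the PE headers with the standard library and reports those header-level indicators. The two images it runs on are constructed, header-only PE32 files (not wmplayer.exe or setup_wm.exe); on a live system you would pass it the bytes of the flagged files, and an empty result means "nothing obvious", not "clean".

```python
"""Header-level file-infector indicators for a PE executable (added example)."""
import struct
from collections import namedtuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

Section = namedtuple("Section", "name vaddr vsize rawsize rawptr chars")


def parse_pe(data: bytes):
    """Return (AddressOfEntryPoint, [Section]) from the headers; raise on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic %#x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    table = opt + opt_size                                # section table follows the optional header
    sections = []
    for i in range(nsections):
        off = table + 40 * i                              # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append(Section(name, vaddr, vsize, rawsize, rawptr, chars))
    return entry, sections


def infection_indicators(data: bytes):
    """Heuristics only: an empty list means 'nothing obvious at header level'."""
    entry, sections = parse_pe(data)
    if not sections:
        return ["no sections"]
    last = sections[-1]
    hosting = next((s for s in sections
                    if s.vaddr <= entry < s.vaddr + max(s.vsize, s.rawsize)), None)
    reasons = []
    if hosting is None:
        reasons.append("entry point %#x lies outside every section" % entry)
    else:
        if not hosting.chars & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("entry point in non-executable section %r" % hosting.name)
        if hosting is last and len(sections) > 1 and hosting.name not in (".text", "CODE"):
            reasons.append("entry point in last section %r, not the code section" % last.name)
    if last.chars & IMAGE_SCN_MEM_WRITE and last.chars & IMAGE_SCN_MEM_EXECUTE:
        reasons.append("last section %r is writable and executable" % last.name)
    return reasons


def build_pe(sections, entry_rva: int) -> bytes:
    """Constructed header-only PE32 image for the demo; it is not loadable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)             # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", s.name.encode(), s.vsize, s.vaddr,
                    s.rawsize, s.rawptr, 0, 0, 0, 0, s.chars)
        for s in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RSRC = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

BASE_SECTIONS = [
    Section(".text", 0x1000, 0x4000, 0x4000, 0x400, TEXT),
    Section(".data", 0x5000, 0x1000, 0x1000, 0x4400, DATA),
    Section(".rsrc", 0x6000, 0x800, 0x800, 0x5400, RSRC),
]
# Constructed: the layout a linker produces, entry point inside .text.
CLEAN = build_pe(BASE_SECTIONS, entry_rva=0x1234)
# Constructed: the same host with an appended RWX section that now owns the entry point.
INFECTED_LOOKING = build_pe(
    BASE_SECTIONS + [Section(".tail", 0x7000, 0x1000, 0x1000, 0x5C00, TEXT | IMAGE_SCN_MEM_WRITE)],
    entry_rva=0x7010)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("infected-looking", INFECTED_LOOKING)):
        print(label, infection_indicators(image) or ["nothing obvious"])
```

Where a known-good copy of the same binary exists (install media, an identical machine), a plain hash comparison settles the question faster than any heuristic; the header check is for the case where no reference copy is at hand.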
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
I am in safe mode, so no alerts in this mode. I'll switch to normal mode and let you know how my laptop behaves. -
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Here is the latest OTL report:
OTL logfile created on: 11/18/2010 9:39:27 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\AdmTmp\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.00 Gb Total Space | 21.46 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive D: | 38.41 Gb Total Space | 23.65 Gb Free Space | 61.57% Space Free | Partition Type: NTFS
Drive E: | 77.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: NBUR329 | User Name: AdmTmp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Exterminate It!\ExterminateIt.exe (CurioLab S.M.B.A.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\AdmTmp\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe File not found
SRV - (Tran_Process_Proc) -- C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe File not found
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe File not found
SRV - (OCS INVENTORY) -- C:\Program Files\OCS Inventory Agent\ocsservice.exe File not found
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe File not found
SRV - (FBAgent) -- C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll ()
SRV - (DCScheduler) -- C:\Program Files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (STacSV) -- C:\WINDOWS\system32\stacsv.exe (SigmaTel, Inc.)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys File not found
DRV - (SAVOnAccessControl) -- C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys File not found
DRV - (DVDRC) -- C:\WINDOWS\System32\drivers\DVDRC.sys File not found
DRV - (catchme) -- C:\DOCUME~1\AdmTmp\LOCALS~1\Temp\catchme.sys File not found
DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software)
DRV - (Partizan) -- C:\WINDOWS\system32\drivers\Partizan.sys (Greatis Software)
DRV - (FARMNTIO) -- C:\WINDOWS\system32\drivers\FarMntIo.sys ()
DRV - (dcsnap) -- C:\WINDOWS\System32\drivers\dcsnap.sys ()
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (guardian2) -- C:\WINDOWS\system32\drivers\oz776.sys (O2Micro)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 15:48:13 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/11/18 21:31:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4}
http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe () O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll 
(Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/14 22:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/11/17 10:04:14 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2010/11/17 10:04:13 | 000,000,071 | R--- | M] () - E:\AUTORUN_USB.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/11/18 21:39:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe [2010/11/18 21:33:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\explorermgr.exe [2010/11/18 21:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/11/18 20:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdmTmp\Recent [2010/11/18 20:23:53 | 000,000,000 | ---D | C] -- C:\Kill'em [2010/11/18 20:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em [2010/11/18 20:19:46 | 003,285,305 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 19:48:39 | 000,000,000 | ---D | C] -- C:\_OTL [2010/11/18 11:23:08 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/11/18 11:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/11/18 11:20:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/11/18 11:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/11/18 11:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/11/18 11:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/11/18 11:18:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/11/16 22:07:01 | 000,000,000 | ---D | 
C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT [2010/11/16 21:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It! [2010/11/16 14:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes [2010/11/16 14:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/11/16 14:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/11/16 14:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD [2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help [2010/11/16 11:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help [2010/11/16 08:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo [2010/11/16 08:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 08:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 08:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2 [2010/11/16 08:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis [2010/11/12 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010/11/12 14:34:10 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\AdmTmp\Application Data\PCFix [2010/11/12 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center [2010/11/12 10:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2010/11/11 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/11/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint [2010/11/08 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2010/11/08 20:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995 [2010/11/08 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft [2010/11/07 20:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads [2010/11/07 20:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache [2010/11/03 18:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni [2010/11/03 18:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll [2010/11/03 18:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe [2010/11/03 18:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe [2010/11/03 18:15:10 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\All Users\Application Data\Temp [2010/11/03 18:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll [2010/11/03 18:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe [2010/11/03 18:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe [2010/11/03 18:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- 
C:\WINDOWS\System32\PrtTools.exe [2010/11/03 18:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe [2010/11/03 18:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF [2010/11/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aspell [2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iceni [2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni [2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni [2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell [2010/11/02 18:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2010/11/02 17:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys [2010/10/29 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fscltdcn [2010/10/29 11:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe [2010/10/29 11:41:37 | 000,000,000 | ---D | C] -- C:\boot [2010/10/29 11:41:34 | 000,000,000 | ---D | C] -- C:\Sources [2010/10/29 11:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider [2010/10/29 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farstone [2010/10/29 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro [2010/10/27 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/10/27 13:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [2010/10/27 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3 [2010/10/27 12:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc [2010/10/27 12:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP [2010/10/27 12:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs [2010/10/27 12:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe [2010/10/27 10:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla [2010/10/27 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2010/10/27 09:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia [2010/10/27 09:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe [2010/10/27 09:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE [2010/10/27 09:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air [2010/10/27 09:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony [2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts [2010/10/27 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go [2010/10/27 09:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos [2010/10/27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2010/10/27 09:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations [2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation [2010/10/27 09:37:25 | 000,000,000 
| ---D | C] -- C:\Program Files\Sony [2010/10/27 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun [2010/10/27 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2010/10/27 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010/10/27 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010/10/27 09:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple [2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2010/10/27 09:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer [2010/10/27 09:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony [2010/10/27 09:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson [2010/10/27 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson [2010/10/27 09:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio [2010/10/27 09:31:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\IETldCache [2010/10/27 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/11/18 21:39:40 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 21:39:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AdmTmp\Desktop\OTL.exe [2010/11/18 21:33:40 | 000,061,952 | ---- | M] (Macromedia, Inc.) 
-- C:\WINDOWS\explorermgr.exe [2010/11/18 21:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/11/18 21:17:56 | 000,050,479 | ---- | M] () -- C:\WINDOWS\System32\userinitmgr.zip [2010/11/18 21:16:45 | 000,050,479 | ---- | M] () -- C:\WINDOWS\Explorermgr.zip [2010/11/18 20:46:40 | 000,462,168 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/11/18 20:46:40 | 000,078,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/11/18 20:42:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/11/18 20:42:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/11/18 20:40:01 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job [2010/11/18 20:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 20:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe [2010/11/18 19:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 11:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2010/11/18 09:01:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job [2010/11/18 07:44:27 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job [2010/11/16 21:18:58 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk [2010/11/16 21:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job [2010/11/16 14:27:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/16 13:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 13:34:11 | 000,006,385 | ---- | M] () 
-- C:\WINDOWS\wininit.ini [2010/11/16 13:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 13:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 12:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 11:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys [2010/11/16 09:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/16 08:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe [2010/11/16 08:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys [2010/11/16 08:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010/11/16 08:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2010/11/08 21:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/08 21:17:48 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk [2010/11/08 21:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/08 20:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/11/08 20:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe [2010/10/29 12:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 11:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin [2010/10/29 11:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1 [2010/10/29 
11:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini [2010/10/29 11:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/10/29 11:41:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk [2010/10/29 11:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern [2010/10/29 11:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini [2010/10/27 13:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 10:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 09:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 09:37:00 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2010/10/27 09:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/10/27 09:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2010/10/27 08:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/11/18 21:33:40 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat [2010/11/18 21:17:56 | 000,050,479 | ---- | C] () -- C:\WINDOWS\System32\userinitmgr.zip [2010/11/18 21:16:45 | 000,050,479 | ---- | C] () -- C:\WINDOWS\Explorermgr.zip [2010/11/18 20:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk [2010/11/18 19:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe [2010/11/18 11:23:15 | 000,000,210 | ---- | C] () -- 
C:\Boot.bak [2010/11/18 11:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr [2010/11/18 11:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/11/18 11:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/11/18 11:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/11/18 11:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/11/18 11:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/11/16 21:18:58 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk [2010/11/16 14:27:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/16 14:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe [2010/11/16 13:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2010/11/16 13:13:49 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk [2010/11/16 12:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache [2010/11/16 08:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk [2010/11/08 20:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/11/03 18:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll [2010/11/03 18:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe [2010/11/03 18:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe [2010/11/03 18:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav [2010/11/03 18:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV [2010/11/03 18:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV [2010/11/03 18:15:06 | 000,000,692 | ---- | C] () -- C:\Documents and 
Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk [2010/11/03 18:15:06 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk [2010/10/29 11:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1 [2010/10/29 11:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini [2010/10/29 11:41:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk [2010/10/29 11:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR [2010/10/29 11:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin [2010/10/29 11:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini [2010/10/29 11:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys [2010/10/29 11:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern [2010/10/29 11:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init [2010/10/29 11:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO [2010/10/29 11:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN [2010/10/29 11:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN [2010/10/29 11:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister [2010/10/29 11:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys [2010/10/27 13:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat [2010/10/27 13:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat [2010/10/27 12:51:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/27 10:03:48 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe [2010/10/27 09:37:00 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk [2010/10/27 09:37:00 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime 
Player.lnk [2010/10/27 09:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/09/20 13:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI [2010/09/01 15:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010/08/27 13:05:27 | 000,007,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2010/06/29 13:25:22 | 000,589,480 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/06/11 13:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del [2010/06/11 12:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2010/06/11 12:47:45 | 000,006,385 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/06/11 12:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2010/05/12 11:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010/04/14 15:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/14 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2008/04/14 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2008/04/14 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2008/04/14 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2008/04/14 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2007/09/27 18:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 18:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 18:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/07/03 20:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/09/24 22:02:34 | 
000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll [2001/07/06 14:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv < End of report > -
[Resolved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and eradication
Here is the ComboFix report:

ComboFix 10-11-17.04 - AdmTmp 11/18/2010 21:29:11.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1033.18.2038.1529 [GMT 1:00]
Running from: c:\documents and settings\AdmTmp\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\AdmTmp\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\Explorermgr.exe"
"c:\windows\system32\userinitmgr.exe"
"c:\windows\wpd99.drv"
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\microsoft\watermark.exe
c:\windows\Explorermgr.exe
c:\windows\system32\dmlconf.dat
c:\windows\system32\userinitmgr.exe
c:\windows\wpd99.drv
.
(((((((((((((((((((( Files Created from 2010-10-18 to 2010-11-18 ))))))))))))))))))))))))))))))
.
2010-11-18 19:23 . 2010-11-18 19:23 -------- d-----w- C:\Kill'em
2010-11-18 19:20 . 2010-11-18 19:32 -------- d-----w- c:\program files\List_Kill'em
2010-11-18 18:48 . 2010-11-18 18:48 -------- d-----w- C:\_OTL
2010-11-16 21:07 . 2010-11-16 21:07 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\AVERT
2010-11-16 20:18 . 2010-11-18 20:03 -------- d-----w- c:\program files\Exterminate It!
2010-11-16 18:16 . 2010-11-16 18:16 -------- d-----w- c:\documents and settings\Chupinf\Application Data\Malwarebytes
2010-11-16 13:27 . 2010-11-16 13:27 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\Malwarebytes
2010-11-16 13:27 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 13:27 . 2010-11-16 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-16 13:27 . 2010-11-16 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-16 13:27 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-16 13:19 . 2010-11-18 08:40 -------- d-----w- C:\ToolBar SD
2010-11-16 12:13 . 2010-11-18 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-16 12:13 . 2010-11-16 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-16 10:39 . 2010-11-16 10:39 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Help
2010-11-16 07:54 . 2010-11-16 10:45 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-11-16 07:41 . 2010-11-16 07:41 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-11-16 07:41 . 2010-11-16 07:41 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-11-16 07:40 . 2010-11-16 07:40 -------- d-----w- c:\program files\Greatis
2010-11-16 07:10 . 2010-11-16 07:22 -------- d-----w- c:\documents and settings\Chupinf\Local Settings\Application Data\AVERT
2010-11-16 06:59 . 2010-11-16 07:01 -------- d-----w- c:\documents and settings\Chupinf\Application Data\PCFix
2010-11-12 13:48 . 2010-11-12 13:48 -------- d-----w- c:\program files\ESET
2010-11-12 13:34 . 2010-11-12 13:35 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\PCFix
2010-11-12 11:24 . 2010-11-12 12:58 -------- d-----w- c:\program files\Windows Live Safety Center
2010-11-12 09:18 . 2010-11-12 10:21 -------- d-----w- c:\windows\BDOSCAN8
2010-11-11 20:42 . 2010-11-18 20:31 -------- d-----w- c:\program files\Microsoft
2010-11-08 20:17 . 2010-11-11 20:46 -------- d-----w- c:\program files\Common Files\ActPrint
2010-11-08 19:55 . 2010-11-08 19:55 -------- d-----w- c:\documents and settings\Chupinf\Local Settings\Application Data\Iceni
2010-11-08 19:54 . 2010-11-08 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-11-08 19:54 . 2010-11-08 19:54 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-11-08 19:54 . 2010-11-08 19:54 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-11-08 19:54 . 2010-11-12 12:34 -------- d-----w- c:\program files\pdf995
2010-11-08 14:26 . 2010-11-08 14:26 -------- d-----w- c:\program files\IVCsoft
2010-11-07 19:22 . 2010-11-16 21:01 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\DMCache
2010-11-03 17:14 . 2010-11-03 17:14 -------- d-----w- c:\program files\Iceni
2010-11-03 17:14 . 2010-11-03 17:14 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\Aspell
2010-11-02 17:50 . 2010-11-02 17:50 -------- d-----w- c:\program files\Common Files\DirectX
2010-11-02 16:57 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-11-02 16:57 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-11-02 09:54 . 2010-11-02 09:54 -------- d-----w- c:\documents and settings\Chupinf\Application Data\Apple Computer
2010-11-02 09:51 . 2010-11-02 09:51 -------- d-----w- c:\documents and settings\Chupinf\Local Settings\Application Data\Apple Computer
2010-10-29 10:52 . 2010-10-29 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\fscltdcn
2010-10-29 10:41 . 2010-11-12 13:32 -------- d-----w- C:\boot
2010-10-29 10:41 . 2010-08-05 09:06 334336 ----a-r- c:\windows\bcdedit.exe
2010-10-29 10:41 . 2010-10-29 10:41 -------- d-----w- C:\Sources
2010-10-29 10:41 . 2010-10-29 10:41 -------- d-----w- C:\RITSoftwareProvider
2010-10-29 10:41 . 2010-10-29 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Farstone
2010-10-29 10:41 . 2010-10-29 10:53 14848 ---h--w- C:\logicinf.bin
2010-10-29 10:41 . 2010-08-05 09:04 86056 ----a-w- c:\windows\system32\drivers\dcsnap.sys
2010-10-29 10:41 . 2010-08-05 09:04 512 ----a-w- C:\FARSBOOT.BIN
2010-10-29 10:40 . 2010-10-29 10:40 -------- d-----w- c:\program files\FarStone Total Recovery Pro
2010-10-29 10:39 . 2010-08-05 09:05 20824 ----a-r- c:\windows\system32\drivers\FarMntIo.sys
2010-10-27 12:34 . 2010-10-27 12:34 -------- d-----w- c:\program files\Common Files\Java
2010-10-27 12:31 . 2010-11-16 12:55 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\U3
2010-10-27 11:52 . 2010-10-27 12:34 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\vlc
2010-10-27 11:32 . 2010-10-27 11:32 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\HP
2010-10-27 11:27 . 2010-10-27 12:29 -------- d-----w- c:\documents and settings\AdmTmp\Programs
2010-10-27 11:03 . 2010-10-27 11:03 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Adobe
2010-10-27 09:31 . 2010-10-27 09:31 -------- d-----w- C:\PDFZilla
2010-10-27 08:54 . 2010-10-27 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-10-27 08:51 . 2010-10-27 08:51 -------- d-sh--w- c:\documents and settings\AdmTmp\PrivacIE
2010-10-27 08:51 . 2010-11-18 18:45 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\crazyloader Air
2010-10-27 08:40 . 2010-10-27 08:40 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Sony
2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Downloaded Installations
2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\program files\Sony
2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\program files\Common Files\Apple
2010-10-27 08:36 . 2010-11-12 12:34 -------- d-----w- c:\program files\QuickTime
2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Apple
2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\program files\Apple Software Update
2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Apple Computer
2010-10-27 08:34 . 2010-10-27 08:39 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\Sony
2010-10-27 08:33 . 2010-10-27 08:54 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Sony Ericsson
2010-10-27 08:33 . 2010-10-27 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-10-27 08:31 . 2010-10-27 12:30 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Roxio
2010-10-27 08:31 . 2010-10-27 08:31 -------- d-sh--w- c:\documents and settings\AdmTmp\IETldCache
2010-10-27 07:20 . 2010-10-27 08:38 -------- d-----w- c:\program files\Sony Ericsson
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 20:17 . 2010-11-18 20:17 50479 ----a-w- c:\windows\system32\userinitmgr.zip
2010-11-18 20:16 . 2010-11-18 20:16 50479 ----a-w- c:\windows\Explorermgr.zip
2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-04-22 08:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-04-22 08:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-04-22 21:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-18_19.05.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 12:00 . 2010-11-18 19:46 78114 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-18 19:46 462168 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-23 142360]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-25 124224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 369137]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

S0 cerc6;cerc6; [x]
S0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [10/29/2010 11:41 AM 86056]
S1 DCDisk;DCDisk; [x]
S1 efbDisk;efbDisk; [x]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys --> c:\windows\system32\DRIVERS\savonaccesscontrol.sys [?]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys --> c:\windows\system32\DRIVERS\savonaccessfilter.sys [?]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 1:00 PM 14336]
S2 DCScheduler;DCScheduler;c:\program files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe [10/29/2010 11:41 AM 104976]
S2 FBAgent;File Backup Agent;c:\program files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe --> c:\program files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe [?]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [3/25/2010 7:07 PM 22816]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/20/2010 1:09 PM 70728]
S2 OCS INVENTORY;OCS INVENTORY SERVICE;"c:\program files\OCS Inventory Agent\ocsservice.exe" --> c:\program files\OCS Inventory Agent\ocsservice.exe [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe --> c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [?]
S2 Tran_Process_Proc;DCNTranProc;"c:\program files\FarStone Total Recovery Pro\Client\DCNTranProc.exe" --> c:\program files\FarStone Total Recovery Pro\Client\DCNTranProc.exe [?]
S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [10/29/2010 11:39 AM 20824]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/20/2010 1:09 PM 66600]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [11/16/2010 8:41 AM 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [11/16/2010 8:54 AM 24416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job
- c:\documents and settings\Chupinf\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:51]

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job
- c:\documents and settings\Chupinf\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:51]

2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]

2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]
.
.
------- Supplementary Scan -------
.
mWindow Title = 
uInternet Connection Wizard,ShellNext = hxxp://adminws-nl/
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-18 21:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2ce75bac-25df-46fa-a191-235cf044f576}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013f
"Therad"=dword:0000000a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b5,51,da,7f,dc,89,0a,13,f3,84,69,31,cd,6d,d5,dd,e0,c7,ca,c9,08,
   d0,7b,6f,25,8c,a7,6c,db,9c,24,73,67,ee,07,82,a2,87,39,2a,00,00,00,00,00,00,\
.
Completion time: 2010-11-18 21:32:29
ComboFix-quarantined-files.txt 2010-11-18 20:32
ComboFix2.txt 2010-11-18 19:06

Pre-Run: 23,028,260,864 bytes free
Post-Run: 23,015,858,176 bytes free

- - End Of File - - 10F84E6961BD3EC75E90493332DA5425
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Here is the explorermgr link >> link removed. For info, they both have the same icon on my PC (a kind of telephone/fax). Good luck.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Re-salut, et bien pas simple toute cette procédure mais bon voici le rapport combofix ..... ComboFix 10-11-17.04 - AdmTmp 11/18/2010 20:00:43.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1033.18.2038.795 [GMT 1:00] Gestart vanuit: c:\documents and settings\AdmTmp\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\microsoft\watermark.exe c:\windows\system32\dmlconf.dat . ---- Voorgaande Run ------- . c:\documents and settings\All Users\Application Data\hpe116.dll c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\program files\microsoft\watermark.exe c:\windows\sysgtime.dll c:\windows\system32\dmlconf.dat c:\windows\system32\Temp c:\windows\system32\Temp\DWFmonitor3.inf c:\windows\system32\Temp\DWFPortMon3.dll c:\windows\system32\Thumbs.db . (((((((((((((((((((( Bestanden Gemaakt van 2010-10-18 to 2010-11-18 )))))))))))))))))))))))))))))) . 2010-11-18 18:48 . 2010-11-18 18:48 -------- d-----w- C:\_OTL 2010-11-16 21:07 . 2010-11-16 21:07 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\AVERT 2010-11-16 20:18 . 2010-11-16 20:27 -------- d-----w- c:\program files\Exterminate It! 2010-11-16 18:16 . 2010-11-16 18:16 -------- d-----w- c:\documents and settings\Chupinf\Application Data\Malwarebytes 2010-11-16 18:16 . 2010-11-18 18:35 61952 ----a-w- c:\windows\Explorermgr.exe 2010-11-16 14:57 . 2010-11-18 07:06 61952 ----a-w- c:\windows\system32\userinitmgr.exe 2010-11-16 13:27 . 2010-11-16 13:27 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\Malwarebytes 2010-11-16 13:27 . 
2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-16 13:27 . 2010-11-16 20:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-16 13:27 . 2010-11-16 13:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-16 13:27 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-16 13:19 . 2010-11-18 08:40 -------- d-----w- C:\ToolBar SD 2010-11-16 12:13 . 2010-11-16 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-11-16 12:13 . 2010-11-16 12:17 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-11-16 10:39 . 2010-11-16 10:39 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Help 2010-11-16 07:54 . 2010-11-16 10:45 24416 ----a-w- c:\windows\system32\drivers\regguard.sys 2010-11-16 07:41 . 2010-11-16 07:41 37600 ----a-w- c:\windows\system32\Partizan.exe 2010-11-16 07:41 . 2010-11-16 07:41 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys 2010-11-16 07:40 . 2010-11-16 07:40 -------- d-----w- c:\program files\Greatis 2010-11-16 07:10 . 2010-11-16 07:22 -------- d-----w- c:\documents and settings\Chupinf\Local Settings\Application Data\AVERT 2010-11-16 06:59 . 2010-11-16 07:01 -------- d-----w- c:\documents and settings\Chupinf\Application Data\PCFix 2010-11-12 13:48 . 2010-11-12 13:48 -------- d-----w- c:\program files\ESET 2010-11-12 13:34 . 2010-11-12 13:35 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\PCFix 2010-11-12 11:24 . 2010-11-12 12:58 -------- d-----w- c:\program files\Windows Live Safety Center 2010-11-12 09:18 . 2010-11-12 10:21 -------- d-----w- c:\windows\BDOSCAN8 2010-11-11 20:42 . 2010-11-18 19:04 -------- d-----w- c:\program files\Microsoft 2010-11-08 20:17 . 2010-11-11 20:46 -------- d-----w- c:\program files\Common Files\ActPrint 2010-11-08 19:55 . 
2010-11-08 19:55 -------- d-----w- c:\documents and settings\Chupinf\Local Settings\Application Data\Iceni 2010-11-08 19:54 . 2010-11-08 19:54 25 ----a-w- c:\windows\wpd99.drv 2010-11-08 19:54 . 2010-11-08 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995 2010-11-08 19:54 . 2010-11-08 19:54 51716 ----a-w- c:\windows\system32\pdf995mon.dll 2010-11-08 19:54 . 2010-11-08 19:54 249856 ----a-w- c:\windows\system32\pdfmona.dll 2010-11-08 19:54 . 2010-11-12 12:34 -------- d-----w- c:\program files\pdf995 2010-11-08 14:26 . 2010-11-08 14:26 -------- d-----w- c:\program files\IVCsoft 2010-11-07 19:22 . 2010-11-16 21:01 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\DMCache 2010-11-03 17:14 . 2010-11-03 17:14 -------- d-----w- c:\program files\Iceni 2010-11-03 17:14 . 2010-11-03 17:14 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\Aspell 2010-11-02 17:50 . 2010-11-02 17:50 -------- d-----w- c:\program files\Common Files\DirectX 2010-11-02 16:57 . 2008-04-13 23:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys 2010-11-02 16:57 . 2008-04-13 23:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys 2010-11-02 09:54 . 2010-11-02 09:54 -------- d-----w- c:\documents and settings\Chupinf\Application Data\Apple Computer 2010-11-02 09:51 . 2010-11-02 09:51 -------- d-----w- c:\documents and settings\Chupinf\Local Settings\Application Data\Apple Computer 2010-10-29 10:52 . 2010-10-29 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\fscltdcn 2010-10-29 10:41 . 2010-11-12 13:32 -------- d-----w- C:\boot 2010-10-29 10:41 . 2010-08-05 09:06 334336 ----a-r- c:\windows\bcdedit.exe 2010-10-29 10:41 . 2010-10-29 10:41 -------- d-----w- C:\Sources 2010-10-29 10:41 . 2010-10-29 10:41 -------- d-----w- C:\RITSoftwareProvider 2010-10-29 10:41 . 2010-10-29 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Farstone 2010-10-29 10:41 . 
2010-10-29 10:53 14848 ---h--w- C:\logicinf.bin 2010-10-29 10:41 . 2010-08-05 09:04 86056 ----a-w- c:\windows\system32\drivers\dcsnap.sys 2010-10-29 10:41 . 2010-08-05 09:04 512 ----a-w- C:\FARSBOOT.BIN 2010-10-29 10:40 . 2010-10-29 10:40 -------- d-----w- c:\program files\FarStone Total Recovery Pro 2010-10-29 10:39 . 2010-08-05 09:05 20824 ----a-r- c:\windows\system32\drivers\FarMntIo.sys 2010-10-27 12:34 . 2010-10-27 12:34 -------- d-----w- c:\program files\Common Files\Java 2010-10-27 12:31 . 2010-11-16 12:55 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\U3 2010-10-27 11:52 . 2010-10-27 12:34 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\vlc 2010-10-27 11:32 . 2010-10-27 11:32 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\HP 2010-10-27 11:27 . 2010-10-27 12:29 -------- d-----w- c:\documents and settings\AdmTmp\Programs 2010-10-27 11:03 . 2010-10-27 11:03 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Adobe 2010-10-27 09:31 . 2010-10-27 09:31 -------- d-----w- C:\PDFZilla 2010-10-27 08:54 . 2010-10-27 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software 2010-10-27 08:51 . 2010-10-27 08:51 -------- d-sh--w- c:\documents and settings\AdmTmp\PrivacIE 2010-10-27 08:51 . 2010-11-18 18:45 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\crazyloader Air 2010-10-27 08:40 . 2010-10-27 08:40 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Sony 2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\program files\Common Files\Sony Shared 2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Downloaded Installations 2010-10-27 08:37 . 2010-10-27 08:37 -------- d-----w- c:\program files\Sony 2010-10-27 08:37 . 
2010-10-27 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation 2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\program files\Common Files\Apple 2010-10-27 08:36 . 2010-11-12 12:34 -------- d-----w- c:\program files\QuickTime 2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Apple 2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\program files\Apple Software Update 2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-10-27 08:36 . 2010-10-27 08:36 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Apple Computer 2010-10-27 08:34 . 2010-10-27 08:39 -------- d-----w- c:\documents and settings\AdmTmp\Application Data\Sony 2010-10-27 08:33 . 2010-10-27 08:54 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Sony Ericsson 2010-10-27 08:33 . 2010-10-27 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson 2010-10-27 08:31 . 2010-10-27 12:30 -------- d-----w- c:\documents and settings\AdmTmp\Local Settings\Application Data\Roxio 2010-10-27 08:31 . 2010-10-27 08:31 -------- d-sh--w- c:\documents and settings\AdmTmp\IETldCache 2010-10-27 07:20 . 2010-10-27 08:38 -------- d-----w- c:\program files\Sony Ericsson . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-15 02:50 . 
2010-04-22 08:25 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-15 00:29 . 2010-04-22 08:25 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2010-04-22 21:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-23 141336] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-23 142360] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-25 124224] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-08-21 878080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 369137] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [10/29/2010 11:41 AM 86056]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 1:00 PM 14336]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [3/25/2010 7:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/20/2010 1:09 PM 70728]
S0 cerc6;cerc6; [x]
S1 DCDisk;DCDisk; [x]
S1 efbDisk;efbDisk; [x]
S1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\DRIVERS\savonaccesscontrol.sys --> c:\windows\system32\DRIVERS\savonaccesscontrol.sys [?]
S1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\DRIVERS\savonaccessfilter.sys --> c:\windows\system32\DRIVERS\savonaccessfilter.sys [?]
S2 DCScheduler;DCScheduler;c:\program files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe [10/29/2010 11:41 AM 104976]
S2 FBAgent;File Backup Agent;c:\program files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe --> c:\program files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe [?]
S2 OCS INVENTORY;OCS INVENTORY SERVICE;"c:\program files\OCS Inventory Agent\ocsservice.exe" --> c:\program files\OCS Inventory Agent\ocsservice.exe [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe --> c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [?]
S2 Tran_Process_Proc;DCNTranProc;"c:\program files\FarStone Total Recovery Pro\Client\DCNTranProc.exe" --> c:\program files\FarStone Total Recovery Pro\Client\DCNTranProc.exe [?]
S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\FarMntIo.sys [10/29/2010 11:39 AM 20824]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/20/2010 1:09 PM 66600]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [11/16/2010 8:41 AM 35816]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [11/16/2010 8:54 AM 24416]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job
- c:\documents and settings\Chupinf\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:51]

2010-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job
- c:\documents and settings\Chupinf\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:51]

2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]

2010-11-18 c:\windows\Tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:31]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://adminws-nl/
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
AddRemove-Restorer Ultimate_is1 - c:\program files\Restorer Ultimate\unins000.exe
AddRemove-{8F094FCD-3085-4145-9D30-F7808995AFAC}_is1 - c:\program files\SaveVideo plugin For IE\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-18 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2ce75bac-25df-46fa-a191-235cf044f576}]
@Denied: (Full) (Everyone)
"Model"=dword:0000013f
"Therad"=dword:0000000a

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b5,51,da,7f,dc,89,0a,13,f3,84,69,31,cd,6d,d5,dd,e0,c7,ca,c9,08,
d0,7b,6f,25,8c,a7,6c,db,9c,24,73,67,ee,07,82,a2,87,39,2a,00,00,00,00,00,00,\
.
Completion time: 2010-11-18 20:06:28
ComboFix-quarantined-files.txt 2010-11-18 19:06

Pre-Run: 20,266,274,816 bytes free
Post-Run: 20,239,065,088 bytes free

- - End Of File - - 7B2655FFA339C5A6C69DEB9EAE7A5A32
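The ComboFix excerpt above and the OTL log posted further down this page are read by hand on the forum: the helper looks for a Winlogon UserInit or Shell value that is not the Windows XP default, BootExecute entries other than autochk, ports opened for all hosts in the Windows Firewall (3389/TCP is Remote Desktop, and it is open in both profiles here), and ActiveX controls installed from the web (OTL "O16" and ComboFix "DPF" lines). The following Python script is an added example, not part of ComboFix, OTL or the thread; it runs those first-pass checks over a handful of lines copied from the two logs. The severity ratings and the ".exe-delivered ActiveX" heuristic are this example's own assumptions, as is the default Userinit path, which holds for the C:\WINDOWS system root reported in the logs.

```python
"""First-pass triage of ComboFix / OTL log lines for persistence indicators.

Added example (not ComboFix, OTL or forum code). The checks encode what a
helper looks for by hand: a Winlogon Shell/UserInit value that is not the
Windows XP default, BootExecute entries other than autochk, ports opened in
the Windows Firewall (3389/TCP is Remote Desktop), and ActiveX controls
installed from the web (OTL O16 / ComboFix DPF entries).
"""
import re

# Assumption: %SystemRoot% = C:\WINDOWS, as reported in the logs.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_SHELL = "explorer.exe"

# Sample input: lines copied from the logs posted in this thread (OTL O-lines
# and the firewall/DPF sections of ComboFix). ComboFix writes hxxp:// for URLs.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx
"""

WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - ")
BOOTEXEC_RE = re.compile(r"^O34 - HKLM BootExecute: \((.*?)\) - ")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(.*)$')
DPF_RE = re.compile(r"^(?:O16 - )?DPF: (\{[0-9A-Fa-f-]+\})(?: -)? (\S+)")

SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2, "info": 3}


def check_winlogon(line):
    """Flag a Shell or UserInit value that is not the XP default.

    The registry value may hold several comma-separated entries; malware
    commonly appends itself after userinit.exe, so every entry is compared.
    """
    m = WINLOGON_RE.match(line)
    if not m:
        return None
    key, raw = m.groups()
    expected = DEFAULT_SHELL if key == "Shell" else DEFAULT_USERINIT
    entries = [e.strip().strip('"').lower() for e in raw.split(",") if e.strip()]
    unexpected = [e for e in entries if e != expected]
    if not unexpected:
        return None
    return {"severity": "high", "check": "Winlogon " + key, "detail": ", ".join(unexpected)}


def check_bootexecute(line):
    """Flag BootExecute entries other than the default autochk."""
    m = BOOTEXEC_RE.match(line)
    if not m:
        return None
    value = m.group(1)
    if value.lower().startswith("autocheck autochk"):
        return None
    return {"severity": "review", "check": "BootExecute", "detail": value}


def check_open_port(line):
    """Report globally opened firewall ports; 3389/TCP (Remote Desktop) is rated medium."""
    m = PORT_RE.match(line)
    if not m:
        return None
    port, proto, rest = m.groups()
    label = rest.split(":")[-1]
    severity = "medium" if (port, proto) == ("3389", "TCP") else "info"
    return {"severity": severity, "check": "Firewall open port", "detail": "%s/%s %s" % (port, proto, label)}


def check_dpf(line):
    """Report ActiveX controls installed from the web (OTL O16 / ComboFix DPF).

    Heuristic of this example: a control delivered as a bare .exe installer
    rather than a .cab/.ocx package is queued for review.
    """
    m = DPF_RE.match(line)
    if not m:
        return None
    clsid, url = m.groups()
    url = url.replace("hxxp://", "http://")  # undo ComboFix's URL defanging
    host = url.split("//", 1)[-1].split("/", 1)[0]
    severity = "review" if url.lower().endswith(".exe") else "info"
    return {"severity": severity, "check": "Downloaded ActiveX (DPF)", "detail": "%s from %s" % (clsid, host)}


CHECKS = (check_winlogon, check_bootexecute, check_open_port, check_dpf)


def triage(log_text):
    """Run every check over every line; return findings, most severe first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for check in CHECKS:
            finding = check(line)
            if finding is not None:
                finding["line"] = line
                findings.append(finding)
                break
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%-6s] %s: %s" % (f["severity"], f["check"], f["detail"]))
```

Run against the full OTL log from this page the script would also queue the two fragmentary BootExecute entries ("ootExecute settings..." and "ount") for review, which is the right outcome: a BootExecute value that no longer parses is itself worth a look. The checks are deliberately narrow; they do not replace reading the file lists, where the two "Macromedia, Inc." binaries named Explorermgr.exe and userinitmgr.exe created on the same day as the UserInit change are the other thing a helper would want explained.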
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
No problem. Very kind of you to help me.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Malware analysis and removal
Here is the result of the OTL scan:

OTL logfile created on: 16/11/2010 21:04:40 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Chupinf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36,00 Gb Total Space | 21,24 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive D: | 38,41 Gb Total Space | 23,64 Gb Free Space | 61,56% Space Free | Partition Type: NTFS

Computer Name: NBUR329 | User Name: ChupinF | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Chupinf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\CrazyLoader\spointer\crazyloader_air.exe (Crazyloader)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Chupinf\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation)

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 4A C9 76 FE 63 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 15:48:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Interest recogniser for Crazyloader (powered by Spointer)) - {C5F65718-341D-4e7d-9842-FCB9CC89527E} - C:\Program Files\CrazyLoader\spointer\extensions\crazyloader_air_ie.dll (Crazyloader)
O3 - HKLM\..\Toolbar: (no name) - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - c:\Program Files\Microsoft\WaterMark.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chupinf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chupinf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a214d7f7-b4d1-11df-ba2c-001d09dc57ba}\Shell - "" = AutoRun
O33 - MountPoints2\{a214d7f7-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a214d7f7-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a214d7f9-b4d1-11df-ba2c-001d09dc57ba}\Shell - "" = AutoRun
O33 - MountPoints2\{a214d7f9-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a214d7f9-b4d1-11df-ba2c-001d09dc57ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 21:03:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chupinf\Desktop\OTL.exe
[2010/11/16 19:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Malwarebytes
[2010/11/16 19:16:44 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe
[2010/11/16 15:57:03 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe
[2010/11/16 14:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/16 14:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/16 14:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/16 14:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD
[2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/16 13:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/16 08:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/11/16 08:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\RegRunInfo
[2010/11/16 08:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/11/16 08:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/11/16 08:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis
[2010/11/16 08:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chupinf\Recent
[2010/11/16 08:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\AVERT
[2010/11/16 07:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\PCFix
[2010/11/12 14:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/12 14:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\PCFix
[2010/11/12 12:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/11/12 10:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/11/11 21:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/11/08 21:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint
[2010/11/08 20:59:40 | 017,873,152 | ---- | C] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe
[2010/11/08 20:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Iceni
[2010/11/08 20:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/11/08 20:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/11/08 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2010/11/08 16:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter
[2010/11/08 15:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft
[2010/11/07 20:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2010/11/07 20:15:42 | 000,115,200 | ---- | C] (http://www.howtosavevideo.com) -- C:\WINDOWS\System32\VistaHlpr.dll
[2010/11/07 20:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\SaveVideo plugin For IE
[2010/11/07 20:11:36 | 004,680,289 | ---- | C] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe
[2010/11/03 18:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll
[2010/11/03 18:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe
[2010/11/03 18:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe
[2010/11/03 18:15:10 | 000,000,000 | RHSD | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/11/03 18:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010/11/03 18:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe
[2010/11/03 18:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe
[2010/11/03 18:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe
[2010/11/03 18:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe
[2010/11/03 18:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF
[2010/11/03 18:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Aspell
[2010/11/03 18:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iceni
[2010/11/03 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni
[2010/11/02 18:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2010/11/02 10:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Apple Computer
[2010/11/02 10:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Apple Computer
[2010/10/29 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fscltdcn
[2010/10/29 11:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe
[2010/10/29 11:41:37 | 000,000,000 | ---D | C] -- C:\boot
[2010/10/29 11:41:34 | 000,000,000 | ---D | C] -- C:\Sources
[2010/10/29 11:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider
[2010/10/29 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farstone
[2010/10/29 11:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro
[2010/10/27 13:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/27 13:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 13:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 10:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla
[2010/10/27 09:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/10/27 09:38:59 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe116.dll
[2010/10/27 09:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/10/27 09:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/10/27 09:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/10/27 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/27 09:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/10/27 09:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/10/27 09:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010/10/27 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 21:05:27 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/16 21:05:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job
[2010/11/16 21:03:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chupinf\Desktop\OTL.exe
[2010/11/16 21:01:19 | 000,817,050 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg
[2010/11/16 21:01:01 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job
[2010/11/16 21:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job
[2010/11/16 21:00:20 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe
[2010/11/16 19:18:17 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/16 19:18:17 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/16 19:16:40 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe
[2010/11/16 17:29:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 14:27:06 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 14:18:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 13:34:11 | 000,006,385 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/11/16 11:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys
[2010/11/16 11:25:20 | 000,000,186 | ---- | M] () -- C:\WINDOWS\tasks\PCFix.job
[2010/11/16 08:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/11/16 08:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/11/16 08:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/16 08:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/11/16 08:40:53 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/11/16 08:13:22 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job
[2010/11/12 14:34:01 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Fix 2010.lnk
[2010/11/12 14:12:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache
[2010/11/11 21:42:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat
[2010/11/11 21:20:09 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 21:17:48 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk
[2010/11/08 21:01:55 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Google Chrome.lnk
[2010/11/08 21:01:55 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/08 20:59:43 | 017,873,152 | ---- | M] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe
[2010/11/08 20:54:53 | 000,000,025 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010/11/08 20:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2010/11/08 20:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/11/08 20:54:48 | 002,684,312 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe
[2010/11/08 16:35:37 | 003,014,282 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip
[2010/11/07 20:11:41 | 004,680,289 | ---- | M] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe
[2010/10/29 12:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister
[2010/10/29 11:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin
[2010/10/29 11:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1
[2010/10/29 11:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini
[2010/10/29 11:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/29 11:41:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk
[2010/10/29 11:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern
[2010/10/29 11:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini
[2010/10/27 13:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat
[2010/10/27 09:38:59 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe116.dll
[2010/10/27 09:37:00 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/27 09:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/27 08:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/10/27 08:21:00 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk
[2010/10/27 08:20:05 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 21:00:43 | 000,817,050 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg
[2010/11/16 14:27:06 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 11:25:17 | 000,000,186 | ---- | C] () -- C:\WINDOWS\tasks\PCFix.job
[2010/11/16 08:40:53 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/11/12 14:34:01 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Fix 2010.lnk
[2010/11/12 14:12:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache
[2010/11/11 21:42:23 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat
[2010/11/11 21:42:22 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat
[2010/11/08 20:54:53 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/11/08 20:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/11/08 20:54:35 | 002,684,312 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe
[2010/11/08 16:35:31 | 003,014,282 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip
[2010/11/03 18:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll
[2010/11/03 18:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe
[2010/11/03 18:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe
[2010/11/03 18:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav
[2010/11/03 18:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV
[2010/11/03 18:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV
[2010/11/03 18:15:06 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Infix PDF Editor.lnk
[2010/10/29 11:53:04 | 000,001,024 | -H-- | C] () -- C:\diskfile1
[2010/10/29 11:52:44 | 000,000,157 | ---- | C] () -- C:\win32log.ini
[2010/10/29 11:41:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FarStone Total Recovery 7 Pro.lnk
[2010/10/29 11:41:37 | 000,438,840 | R--- | C] () -- C:\PEMGR
[2010/10/29 11:41:19 | 000,014,848 | -H-- | C] () -- C:\logicinf.bin
[2010/10/29 11:41:19 | 000,000,000 | RH-- | C] () -- C:\tasks.ini
[2010/10/29 11:41:16 | 000,086,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\dcsnap.sys
[2010/10/29 11:41:15 | 004,194,304 | RH-- | C] () -- C:\spc_kern
[2010/10/29 11:41:15 | 003,145,728 | RH-- | C] () -- C:\spc_init
[2010/10/29 11:41:15 | 000,030,972 | ---- | C] () -- C:\FARSBOOT.BIO
[2010/10/29 11:41:15 | 000,000,512 | ---- | C] () -- C:\FARSBOOT.BIN
[2010/10/29 11:41:15 | 000,000,388 | ---- | C] () -- C:\DCMBRBIN
[2010/10/29 11:40:28 | 000,000,529 | RHS- | C] () -- C:\WINDOWS\System32\VFsRegister
[2010/10/29 11:39:58 | 000,020,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\FarMntIo.sys
[2010/10/27 13:16:16 | 000,089,716 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2010/10/27 13:16:15 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2010/10/27 09:37:00 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/27 09:36:25 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/27 08:21:00 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk
[2010/10/27 08:19:45 | 037,065,048 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe
[2010/09/20 13:30:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpotAuditor.INI
[2010/09/01 15:32:20 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/08/31 16:27:25 | 000,008,106 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\config
[2010/08/27 13:05:27 | 000,007,482 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/26 12:58:41 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 13:22:28 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\DWFPORTMON3.DLL.del
[2010/06/11 12:47:46 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2010/06/11 12:47:45 | 000,006,385 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/11 12:36:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2010/05/12 11:54:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/14 15:45:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/04/14 13:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 13:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 13:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 13:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 13:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/09/27 18:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 18:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 18:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/03 20:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2001/07/06 14:30:00 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 01:00:00 | 000,022,224 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

< End of report >

Here is the OTL Extras result:

OTL Extras logfile created on: 16/11/2010 21:04:40 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Chupinf\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36,00 Gb Total Space | 21,24 Gb Free Space | 58,99% Space Free | Partition Type: NTFS
Drive D: | 38,41 Gb Total Space | 23,64 Gb Free Space | 61,56% Space Free | Partition Type: NTFS

Computer Name: NBUR329 | User Name: ChupinF | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start"	= 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23170F69-40C1-2701-0457-000001000000}" = 7-Zip 4.57
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74449814-B2A1-41FB-890C-60CF2FD0DA96}" = FarStone Total Recovery 7 Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F094FCD-3085-4145-9D30-F7808995AFAC}_is1" = Save Video plugin for IE (ver.
4) "{8F5C2A7E-DE9E-4642-AD0F-E29FE903422A}" = Autodesk DWF Writer 4.0 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack "{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack "{901E0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Italian User Interface Pack "{901E0413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Dutch User Interface Pack "{901E0C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Spanish User Interface Pack "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DA3DCA9-42C4-48F3-AD00-8C0692FE756B}" = PathExtention "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC 
Companion 1.60.13 "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.08 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Autodesk Design Review 2011" = Autodesk Design Review 2011 "CCleaner" = CCleaner "CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only) "CrazyLoader" = CrazyLoader "DWG TrueView 2010" = DWG TrueView 2010 "ESET Online Scanner" = ESET Online Scanner v3 "FileASSASSIN" = FileASSASSIN "GIF Animator" = Microsoft GIF Animator "Greatis Reanimator_is1" = RegRun Reanimator "HDMI" = Intel® Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Internet Download Manager" = Internet Download Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OCS Inventory Agent" = OCS Inventory Agent 4.0.3.2 "PC Fix 2010_is1" = PCFix "PDFZilla_is1" = PDFZilla V1.2.9 "Restorer Ultimate_is1" = Restorer Ultimate 6.0 "Update Service" = Sony Ericsson Update Service "Utherverse 3D Client" = Utherverse 3D Client "VLC media player" = VLC media player 1.1.4 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Player" = Windows Media Player 11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{22622180-65A2-11DB-6784-00953B2F18BE}" = LoveChess Age Of Egypt Demo "{7EACD785-823D-4D1B-9A5E-85FACAF5DFB3}_is1" = Oxin's Style! 
3D Sexvilla 2.055.001 "{A44BD8D0-DA93-11DE-6784-016F7F2518BE}" = LoveChess The Greek Era (Free) "AIDA32_is1" = AIDA32 v3.93 "Google Chrome" = Google Chrome "InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > -
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Analyses et éradication malwares
VirusScan detects W32/NGVCK for the following files: mbammgr.exe iexplorermgr.exe wordpad.exe wmplayer.exe setup_wm.exe jqmgr.exe iedw.exe, for the application c:\\windows\system32\svhost.exe. Is it serious? What should I do? Thanks again
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Analyses et éradication malwares
Here is now the result after a scan with Malwarebytes
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4052
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
11/16/2010 3:52:30 PM
mbam-log-2010-11-16 (15-52-30).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 214619
Temps écoulé: 1 heure(s), 24 minute(s), 13 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{8e9cf769-3d3b-40eb-9e2d-76e7a205e4d2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Chupinf\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Analyses et éradication malwares
Here is the result after a scan with ToolBar SD ... thanks for your help ...
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T7500 @ 2.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A11
USER : AdmTmp ( Administrator )
BOOT : Fail-safe boot
Antivirus : McAfee VirusScan Enterprise 8.7.0.570 (Activated)
C:\ (Local Disk) - NTFS - Total:36 Go (Free:21 Go)
D:\ (Local Disk) - NTFS - Total:38 Go (Free:23 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:247 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( Tue 11/16/2010|14:21 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Chupinf\APPLIC~1\FunWebProducts\Data
Supprime! - C:\DOCUME~1\AdmTmp\Cookies\admtmp@mywebsearch[2].txt
Supprime! - C:\DOCUME~1\Chupinf\APPLIC~1\FunWebProducts
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - Tue 11/16/2010|14:22 - Option : [2]
-----------\\ Fin du rapport a 14:22:10.34
[Solved] Infected laptop
Fabi41 replied to a topic by Fabi41 in Analyses et éradication malwares
Thank you for being willing to help me. I can't download the software you suggested. My system blocks it ???