USB INFECTION

nohamg · le 18 juin 2010

Bonjour,

Merci tout d'abord aux membres et createurs de ce forum ou j'ai pu trouver de precieuses informations.

Je suis responsable, entre un millier d'autre choses, d'un parc informatique d'environ une vingtaine d'ordinateurs (modele et systeme different).

La plus part des clef USB et DD ont ete contaminer par un trojan qui s'installe sur les dossier des périphérique de stockage. L'antivirus (chaque machine en a presque un different .... antivir, avg, avast, macafe, norton, f-secure) donc detecte le virus et tout les dossier deviennent dossier cache (j'avoue ne pas m'y connaitre plus que ca dans le domaine).

J'ai suivit les instructions données sur et j'ai sur quelles que machines USB-set. Et j'ai vacciner toutes les clefs et DD que j'ai pu avoir sous la main.

Mon soucis en plus d'essayer d'harmoniser l'ensemble des machines et de faire en sorte que tout le monde puisse utiliser sa machine correctement. C'est de rendre les dossiers sur les cles USB devenus cache. La case pour decocher "hiden" n'est pas valide (grise intouchable).

Alors comment puis je rendre tout ces dossiers de nouveau visible pour l'ensemble de mes collegues (je ne souhaite pas l'ouverture des fichier cache sur toutes les machines ...)

Merci d'avance.

no.ppp · le 21 juin 2010

Salut,

En te lisant, je n'ai pas l'impression que tu aies désinfecté les clés.

Si tu es sous Vista/7 : Désactive provisoirement l'UAC

Télécharge USBFix sur ton Bureau.

Double-clique sur USBFix.exe pour le lancer. (Sous Vista, clique-droit sur USBFix.exe et choisis Exécuter en tant qu'administrateur.)
Clique sur Recherche et laisse l'outil travailler.
Une fenêtre te demandera de bancher tous les périphériques externes(clés USB, lecteurs MP3, disques durs externes, etc ...). Branche le matériel puis clique sur OK pour poursuivre.
Patiente le temps d'exécution du scan.
A la fin, un rapport va être généré (C:\USBFix.txt). Copie-colle l'intégralité de son contenu dans ta prochaine réponse.

nohamg · le 28 juin 2010

Salut,

Merci pour le coup de main ... j'ai depuis des nouveaux visiteur fraichement arrives : troyan horse agent2.atxc / generic13.POPQ / dropper generic2.LEH...

Je n'ai pas toutes les clef USB de la mission sous la main mais je vais en faire petit a petit.

Quelle est la prochaine etape ?

Merci

############################## | UsbFix 7.014 | [Research]

User: COOLOG (Administrator) # COOLOG-PC [Dell Inc. Vostro 1000]

Updated 24/06/10 by El Desaparecido / C_XX

Started at 16:55:53 | 28/06/2010

Website: Bienvenue dans nos Pages Persos

Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon 64 X2 Dual-Core Processor TK-57

CPU 2: AMD Athlon 64 X2 Dual-Core Processor TK-57

Microsoft® Windows Vista™ Home Basic (6.0.6001 32-Bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall: Enabled

Antivirus: AVG Anti-Virus Free 8.0 [Enabled | Updated]

RAM -> 1917 Mb

C:\ (%systemdrive%) -> Fixed drive # 139 Gb (16 Mb free - 12%) [OS] # NTFS

D:\ -> Fixed drive # 10 Gb (1 Mb free - 14%) [RECOVERY] # NTFS

E:\ -> CD-ROM

F:\ -> Removable drive # 968 Mb (860 Mb free - 89%) [THOMAS KEY] # FAT32

G:\ -> Removable drive # 1000 Mb (928 Mb free - 93%) [ GONWHIDRUM] # FAT

H:\ -> Fixed drive # 466 Gb (65 Mb free - 14%) [LaCie] # FAT32

################## | Files # Infected Folders |

Found ! F:\autorun.inf.Désactivé par USB-set

Found ! F:\Recycled.exe

Found ! F:\svchost.exe

Found ! G:\New Folder.exe

Found ! G:\New Folder (2).exe

Found ! G:\New Folder (3).exe

Found ! G:\RECYCLER.exe

Found ! G:\system.exe

Found ! G:\DATA\SYSTEM

Found ! F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe

Found ! G:\workshop report.exe

Found ! G:\Protocol.exe

Found ! G:\Nurse meeting report.exe

Found ! G:\MH INSERVICE TRAINING MDM.exe

Found ! G:\Mental Health.exe

Found ! G:\SOPHIE.exe

Found ! G:\unused.exe

Found ! G:\MHD Activitity.exe

Found ! G:\Monthly report of five(5) mental health clinics.exe

Found ! G:\MDM survey&workshop 2009-2010.exe

Found ! G:\OIC Workshop.exe

Found ! G:\reproductive health presentation.exe

Found ! G:\Monthly reports 2009.exe

Found ! G:\WORKSHOP LETTER.exe

Found ! G:\SURVEY REPORT.exe

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

C:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)

D:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)

F:\autorun.inf -> Folder created by USB-set (Loup Blanc)

G:\autorun.inf -> Folder created by USB-set (Loup Blanc)

H:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)

################## | E.O.F |

no.ppp · le 28 juin 2010

Salut,

Si tu es sous Vista/7 : Désactive provisoirement l'UAC

Relance USBFix.exe. (Sous Vista, clique-droit sur USBFix.exe et choisis Exécuter en tant qu'administrateur.)

Clique sur Suppression et laisse travailler l'outil.
Une fenêtre te demandera de bancher tous les périphériques externes(clés USB, lecteurs MP3, disques durs externes, etc ...). Branche le matériel puis clique sur OK pour poursuivre.
Le bureau va disparaitre et ne sera plus accessible tout le temps du scan, c'est normal. Patiente le temps du nettoyage sans l'interrompre.
A la fin, un rapport va être généré (C:\USBFix.txt). Copie-colle l'intégralité de son contenu dans ta prochaine réponse.

Télécharge OTL sur ton Bureau

Double-clique sur OTL.exe pour le lancer.
Coche la case Tous les utilisateurs
Fais de même avec Recherche Lop et Recherche Purity.
Clique ensuite sur Analyse puis patiente pendant qu'il scanne le registre et les fichiers.
Quand l'analyse est terminée, deux fenêtres du Bloc-notes vont s'ouvrir. OTL.Txt et Extras.Txt. Ces fichiers sont sauvegardés au même endroit que OTL.
Copie-colle les dans ta prochaine réponse.

nohamg · le 29 juin 2010

OTL logfile created on: 6/28/2010 8:44:01 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\COOLOG\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 16.21 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 1.42 Gb Free Space | 14.15% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 968.07 Mb Total Space | 860.00 Mb Free Space | 88.84% Space Free | Partition Type: FAT32

Drive G: | 999.69 Mb Total Space | 928.22 Mb Free Space | 92.85% Space Free | Partition Type: FAT

Drive H: | 465.65 Gb Total Space | 65.07 Gb Free Space | 13.98% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Computer Name: COOLOG-PC

Current User Name: COOLOG

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/28 20:42:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe

PRC - [2010/06/24 12:20:11 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/06/03 09:40:00 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/06/03 09:39:53 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/06/03 09:39:53 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/06/03 09:39:15 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/06/03 09:39:14 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/06/01 18:07:02 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe

PRC - [2010/06/01 18:06:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/04/16 12:25:49 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe

PRC - [2009/09/10 15:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe

PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2008/01/21 02:33:52 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2007/09/10 23:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2007/04/24 12:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

========== Modules (SafeList) ==========

MOD - [2010/06/28 20:42:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe

MOD - [2010/06/01 18:09:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

MOD - [2008/01/21 02:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2008/01/21 02:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/01 18:07:02 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)

SRV - [2010/06/01 18:06:51 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/01/21 02:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/04/24 12:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - [2010/06/03 09:39:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/06/03 09:39:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/06/01 18:09:31 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/04/30 23:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)

DRV - [2009/04/30 23:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/04/30 23:00:00 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/02/05 21:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2008/06/24 05:42:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2008/06/24 05:42:16 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2008/06/24 05:42:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2008/06/24 05:42:16 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2008/01/21 02:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/21 02:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/21 02:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/21 02:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/21 02:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/21 02:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/21 02:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/21 02:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/21 02:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/21 02:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/21 02:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/21 02:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/21 02:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/21 02:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/21 02:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/21 02:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/21 02:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/21 02:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/21 02:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/21 02:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/21 02:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/01/21 02:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/21 02:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2008/01/21 02:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/21 02:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/21 02:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/21 02:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/21 02:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/12/07 05:52:48 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)

DRV - [2007/10/17 09:33:56 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2007/07/12 10:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2007/04/24 12:31:16 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/04/24 12:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2007/04/24 12:00:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/04/24 12:00:18 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/04/24 12:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/10/30 15:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-2208296302-755442354-946692294-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 10:59:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 12:20:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/25 07:58:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/06/24 14:13:22 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/07/16 17:22:32 | 000,000,000 | ---D | M]

[2010/03/31 10:38:05 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Mozilla\Extensions

[2010/03/31 10:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COOLOG\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/06/28 12:10:21 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Mozilla\Firefox\Profiles\dyivht73.default\extensions

[2010/03/29 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Mozilla\Firefox\Profiles\dyivht73.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/06/28 12:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/24 17:22:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/04/03 12:04:42 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/04/03 12:04:42 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/04/03 12:04:42 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2009/03/31 22:15:30 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml

[2010/04/03 12:04:42 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/04/03 12:04:42 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Ziepod One-Click Helper) - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\Windows\System32\ZiepodOneClicker.dll (Ziepod)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [uSB-Set] File not found

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2208296302-755442354-946692294-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKLM..\RunOnce: [] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2208296302-755442354-946692294-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0

O7 - HKU\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2 10.0.0.3

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/06/17 11:08:43 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/06/17 11:08:43 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010/06/28 12:55:10 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2010/06/24 14:41:46 | 000,000,257 | RHS- | M] () - F:\autorun.inf.Désactivé par USB-set -- [ FAT32 ]

O32 - AutoRun File - [2010/06/28 14:41:50 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT ]

O32 - AutoRun File - [2009/08/24 16:56:52 | 000,000,000 | RHSD | M] - H:\AUTOPLAY -- [ FAT32 ]

O32 - AutoRun File - [2010/06/17 11:08:44 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/28 20:41:46 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe

[2010/06/28 16:04:40 | 001,224,471 | ---- | C] (C_XX & El Desaparecido) -- C:\Users\COOLOG\Desktop\UsbFix.exe

[2010/06/28 15:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010/06/28 15:24:17 | 000,000,000 | ---D | C] -- C:\rsit

[2010/06/24 17:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/06/24 17:22:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/06/24 17:22:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/06/24 17:22:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/06/24 17:22:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/06/22 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\COOLOG\Documents\Back up Email Thunderbird Mozbackup

[2010/06/17 15:58:26 | 000,000,000 | ---D | C] -- C:\UsbFix

[2010/06/17 12:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\usb-set

[2010/06/17 12:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set

[2010/06/17 11:08:43 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010/06/04 21:09:50 | 000,000,000 | ---D | C] -- C:\Users\COOLOG\AppData\Roaming\HP

[2010/06/04 09:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/06/04 09:16:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/06/04 09:16:25 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/06/04 09:10:46 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll

[2010/06/04 09:10:32 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe

[2010/06/04 09:10:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll

[2010/06/04 09:10:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx

[2010/06/04 09:10:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll

[2010/06/04 09:10:29 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2010/06/04 09:09:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/06/04 09:06:47 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl

[2010/06/04 08:32:34 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2010/06/04 08:32:34 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2010/06/04 08:32:17 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2010/06/04 08:32:17 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2010/06/04 08:32:17 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2010/06/04 08:31:55 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2010/06/04 08:31:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2010/06/01 18:09:36 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/06/01 18:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/28 20:47:27 | 003,145,728 | -HS- | M] () -- C:\Users\COOLOG\NTUSER.DAT

[2010/06/28 20:42:23 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\COOLOG\Desktop\OTL.exe

[2010/06/28 20:28:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/28 20:28:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/28 20:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/28 16:19:46 | 000,708,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/28 16:19:46 | 000,607,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/28 16:19:46 | 000,106,220 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/28 16:14:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/28 16:11:05 | 001,224,471 | ---- | M] (C_XX & El Desaparecido) -- C:\Users\COOLOG\Desktop\UsbFix.exe

[2010/06/28 13:49:12 | 061,458,679 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2010/06/28 13:27:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/06/28 08:29:05 | 000,000,940 | ---- | M] () -- C:\Users\COOLOG\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/06/28 08:28:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/28 08:28:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/28 08:28:23 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/28 08:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\COOLOG\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms

[2010/06/28 08:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\COOLOG\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf

[2010/06/27 14:47:36 | 002,960,056 | -H-- | M] () -- C:\Users\COOLOG\AppData\Local\IconCache.db

[2010/06/25 18:13:18 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010/06/24 14:44:39 | 000,050,176 | ---- | M] () -- C:\Users\COOLOG\Desktop\TENDER FOR THE SALE.doc

[2010/06/23 09:59:34 | 000,000,862 | ---- | M] () -- C:\Users\COOLOG\Desktop\092010_072010 Noham Gaudin - Shortcut.lnk

[2010/06/23 09:49:14 | 000,048,640 | ---- | M] () -- C:\Users\COOLOG\Desktop\6 MDM Order to Superior Level.xls

[2010/06/19 23:26:16 | 000,239,104 | ---- | M] () -- C:\Users\COOLOG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/18 12:17:02 | 000,102,592 | ---- | M] () -- C:\Users\COOLOG\AppData\Roaming\GDIPFONTCACHEV1.DAT

[2010/06/04 21:04:17 | 000,102,592 | ---- | M] () -- C:\Users\COOLOG\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/04 21:01:55 | 000,157,369 | ---- | M] () -- C:\Windows\hpoins27.dat

[2010/06/04 12:28:01 | 000,156,886 | ---- | M] () -- C:\Windows\hpoins27.dat.temp

[2010/06/04 09:47:16 | 000,383,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/03 09:39:53 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

[2010/06/03 09:39:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

[2010/06/02 16:23:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/06/02 16:23:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/06/01 18:16:37 | 000,140,800 | ---- | M] () -- C:\Users\COOLOG\Desktop\Bookfile Label2.xls

[2010/06/01 18:09:31 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

[2010/06/01 18:09:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

[2010/06/01 18:09:17 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm

[2010/06/01 09:27:08 | 000,308,736 | ---- | M] () -- C:\Users\COOLOG\Desktop\Folders labels.xls

[2010/05/31 17:08:48 | 000,351,744 | ---- | M] () -- C:\Users\COOLOG\Desktop\Folders labels 2006.xls

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/23 09:59:34 | 000,000,862 | ---- | C] () -- C:\Users\COOLOG\Desktop\092010_072010 Noham Gaudin - Shortcut.lnk

[2010/06/23 09:49:14 | 000,048,640 | ---- | C] () -- C:\Users\COOLOG\Desktop\6 MDM Order to Superior Level.xls

[2010/06/15 10:34:27 | 000,061,440 | ---- | C] () -- C:\Users\COOLOG\Desktop\Inccident report for MDM vehicles.doc

[2010/06/02 16:23:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010/06/02 16:23:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010/05/31 17:08:26 | 000,351,744 | ---- | C] () -- C:\Users\COOLOG\Desktop\Folders labels 2006.xls

[2010/05/31 17:08:01 | 000,308,736 | ---- | C] () -- C:\Users\COOLOG\Desktop\Folders labels.xls

[2010/01/22 09:39:09 | 000,000,729 | ---- | C] () -- C:\Windows\hpntwksetup.ini

[2010/01/15 08:37:08 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/06/12 22:13:00 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2009/03/21 10:23:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2009/03/13 12:31:13 | 000,000,493 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/09/09 04:24:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2008/09/09 04:24:16 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/09/09 01:51:45 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2008/09/09 01:42:34 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll

[2007/08/23 10:34:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll

[2007/07/26 12:01:50 | 000,114,688 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll

[2007/03/16 17:00:00 | 000,003,403 | ---- | C] () -- C:\Windows\System32\hptcpmon.ini

[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/05/05 19:02:09 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Azureus

[2009/03/30 04:53:33 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\gtk-2.0

[2009/05/05 14:27:28 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\IrfanView

[2010/01/15 08:38:04 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Leadertech

[2009/07/24 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\OpenOffice.org

[2009/10/15 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\PeerNetworking

[2010/03/31 10:38:02 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\Thunderbird

[2009/03/31 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\COOLOG\AppData\Roaming\uTorrent

[2010/06/27 14:47:43 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

nohamg · le 29 juin 2010

OTL Extras logfile created on: 6/28/2010 8:44:01 PM - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\COOLOG\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 16.21 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 1.42 Gb Free Space | 14.15% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 968.07 Mb Total Space | 860.00 Mb Free Space | 88.84% Space Free | Partition Type: FAT32

Drive G: | 999.69 Mb Total Space | 928.22 Mb Free Space | 92.85% Space Free | Partition Type: FAT

Drive H: | 465.65 Gb Total Space | 65.07 Gb Free Space | 13.98% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded

Computer Name: COOLOG-PC

Current User Name: COOLOG

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2208296302-755442354-946692294-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2208296302-755442354-946692294-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\services.exe" = C:\WINDOWS\services.exe -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1E1969B6-CD9D-4305-B7EE-F5D1D2AEC2EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{20D20DB0-7DE5-40C8-9053-8BB21C686B41}" = lport=139 | protocol=6 | dir=in | app=system |

"{24FD79E5-62BD-4115-840C-638FEC4B44ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2E59FED8-D565-403F-BBA6-522790BE5D50}" = lport=138 | protocol=17 | dir=in | app=system |

"{41C018A8-6466-40E4-97E4-BE6DC409D43D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{461CB209-9480-478B-9DB3-994B8C5D536E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{49E111C8-CB06-45C0-BDEF-48BCED509A42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{5298327E-15D2-4CA4-A159-F7DB53E9D563}" = lport=2869 | protocol=6 | dir=in | app=system |

"{543755AD-DF4A-4430-A0C5-A2C13BE64745}" = lport=137 | protocol=17 | dir=in | app=system |

"{5E977CE4-6EB9-4CD3-BE04-AF30332E80BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{6FFDA7E9-92DE-4573-A28C-755775DEA7F4}" = rport=445 | protocol=6 | dir=out | app=system |

"{824FECB3-BD13-4ED6-8DA7-43FBC7DE45B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{88FD2BBD-12BD-45A8-9916-25C7A6056602}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{8A0813BA-6516-4B3F-B13B-719F1C1B316F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{931F3668-53F5-4505-B6E6-227E59F9D585}" = rport=137 | protocol=17 | dir=out | app=system |

"{981D9ED4-56FD-40D9-B034-18CDC9B532FF}" = lport=10243 | protocol=6 | dir=in | app=system |

"{9AF32F19-A9E9-41E5-B494-F1D330773946}" = rport=10243 | protocol=6 | dir=out | app=system |

"{B277D816-4FD6-4B99-A0F7-F5561450985C}" = rport=139 | protocol=6 | dir=out | app=system |

"{C85B98FD-33BC-4386-8E2A-8E2A43B3EFFC}" = lport=445 | protocol=6 | dir=in | app=system |

"{CB587DC2-0C8E-4A16-B21F-32EAB03C255A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CE5CB10C-2763-4C53-A9E0-437BFC633765}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CEDCED38-77C5-4426-9135-8DB5075A49BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{D03BE591-06B2-4EA6-8218-C4BEF5023946}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E25FC2E5-257B-40AC-8776-69A54EF58879}" = rport=138 | protocol=17 | dir=out | app=system |

"{ED2D6A08-4882-4F36-BC59-5D05415E3249}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F0FABB48-D295-493F-8E67-94B2E25E2BB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F20D9EC6-9152-449F-9884-A1B38F116284}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0055C498-D02A-4EA9-8F7C-FC55C2A2D356}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{005B07CA-BF7C-4C76-B3C5-A11E919B66DE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{04573FB0-5189-46CB-829B-C1272A2AD276}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{07889CA3-9223-44B0-86AD-453015988BB0}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |

"{08F12C3A-1F80-496A-9A13-CC469A4CF4FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{14CA5DF2-231C-468D-BC5E-BFE149F2982F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{16AF3F3E-5EC8-406C-8BE0-530BE5F766C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{18623327-3630-4169-BDA1-F746D5E25E28}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{222CD897-EE2E-41DB-8917-20E881C6183C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{23469703-BD1F-4505-8614-732D5792BB5E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |

"{276545A9-852F-4286-AEBD-DFFA09467AD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{28498760-5F2B-47C9-8867-C193089C2E43}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{28E07CEA-4E92-4C89-8160-9F882DED118C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{2BCAE47F-355F-460C-AE04-26E6543397F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2FD3C3DA-2C39-465D-A0AD-A9A41BB847E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{31368DB7-33D0-453B-8AD1-844F6EB230F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{31E7DEB0-3B52-42A8-911F-67E0805E5FB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3526D31E-425A-43A4-B960-FB1D8A193792}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{3C1F0B93-9392-49B5-BD30-4F3468E60242}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

"{493378D9-FE7A-47F8-9E69-CA3B74401AF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{4CCBFD5D-CF5C-4B36-BBFA-6F929C285DE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{51607506-2BCE-4AFC-A9F9-62A8973F981F}" = protocol=6 | dir=out | app=system |

"{5647FE0B-0565-4CA7-A408-EDF3A56539DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{58BED4B1-4D0B-468A-AB80-A9C1F8257533}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5BA9FB81-FDA8-490F-AA56-0E9990220E11}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5C52EC73-D274-4EE1-A546-5A0F25E544A0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5EAA2054-B374-4BC2-BC66-E8CE18F48EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5F8AFBAB-E075-4083-8128-E89457885262}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{64F9E623-8C2D-4973-9214-C0D289EC4544}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{668139E4-F3B0-44C8-8212-E4E37ECF9581}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{68DF4F13-CB1F-4F4E-B4FF-40863414C447}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

"{6944C4BB-ED97-43BC-AAE4-32877F57453C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

"{6D9426E4-868D-4A3C-A527-12D68B4E6757}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{7E04099A-02D4-4B3F-984C-D0EFC1745B49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8843DABA-7056-457E-B8D7-7FEF4FA24217}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9707CFDE-C9B0-4D1E-8212-A2D17092DA11}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A091706F-6725-4B59-8A01-37A3C801D87B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A41BF765-18C9-4EDF-9399-60F1DB1FD054}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A46AB48E-1738-4760-B55C-4DD84383F3CD}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |

"{A5EA9DA0-D538-49BA-8954-BAC1B995AE61}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{A5FE7AEF-D464-4227-A7BD-C22D1E965899}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A79F4A71-F868-45AA-9E38-A204E38D2756}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AA4F44FF-48C9-4889-B8ED-A221E7305196}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |

"{AB521057-6CDB-42AD-BB62-7B5463AD4607}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{AF7A7B07-DF42-4818-AAF5-3B3B374EBD1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B03E23D1-7AA7-4FA1-865C-E335C458002F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B1ABFFB2-9351-4CB5-846E-B3EDD7C4D592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B599779C-7A89-4797-B552-AA2B5AA017E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{B7395FA7-8D84-4A1B-A5C3-4FAA47A04AAA}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{BF9640FB-3154-4544-93E3-84F3082E8525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BFBCC3EF-8C89-4C9F-940D-5F3CD1010E08}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C0401AB1-9EFD-4663-A459-53EE168B927B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{C04CE893-9AE4-411F-9792-F4E87E123548}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{CA063513-CDF1-4E69-9A93-0124C52799AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CB1D6300-8E07-4B90-82CE-1461F0D797A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CCED5D90-85D2-4811-B6F8-F5EF44620897}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CDBF3F4B-2377-457F-8D02-589B9D2182B7}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |

"{CE3400A3-8C64-4FC6-B1C0-B0AFB65DCA65}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{CE983D41-FFF3-420A-A519-E411D3E79B0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{D6AD244F-EE42-4543-9661-AB8CC0B30D07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{DA0E9ED9-CB27-4A8B-BA26-0689F5CAEC2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E52D852F-D34B-4AEA-B94D-02D55136A7FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E6A67B95-99F9-4802-80EE-8243ABA66E86}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{ECF50A9D-0271-4D63-BF2E-39B07EE00082}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |

"{F6E216BA-8138-4CF9-AD26-F458F1C26886}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F7E8A2F5-3E4C-40E9-B1F9-1E02412F7D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F80613A4-A628-45A1-8599-F3C333829D8F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F8B49CAD-4B2F-40D5-B6D7-02DC81436076}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"TCP Query User{2EB0FCCA-7F19-4870-9D46-8ECB6F8FE226}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{A5E686F0-CCEE-4838-A100-1A512A920AD5}E:\setup\hppnet01.exe" = protocol=6 | dir=in | app=e:\setup\hppnet01.exe |

"UDP Query User{699870C8-3BC8-492E-9675-6D2CBAF2DDEA}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{742C60A2-334B-4DF9-B25C-0691FEDE3A8B}E:\setup\hppnet01.exe" = protocol=17 | dir=in | app=e:\setup\hppnet01.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{15CC668C-F37C-CE24-9047-40EC8034E29D}" = ATI Catalyst Control Center Ex

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 20

"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool

"{2C091730-3788-4F16-A032-433AC9931375}" = Misc

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher

"{3871DA1E-D863-4548-8465-A2F55D4BFC95}" = UGuide

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet

"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2

"{6F801026-6AF0-4520-9153-4C9B4CAAB361}" = HP LaserJet P2050 Series 2.0

"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher

"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module

"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89B6F63A-7E0C-424A-9D39-C4EF59E96D78}" = hppQFolderP2050

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{B92B952E-4459-480F-A500-60D87F6F527F}_is1" = USB-set 1.4.1

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8

"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module

"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3

"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver

"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG9Uninstall" = AVG Free 9.0

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"FairUse Wizard 2 LE" = FairUse Wizard 2 LE

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"HP LaserJet P1000 series" = HP LaserJet P1000 series

"HP Officejet K7100 Series" = HP Officejet K7100 Series

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"IrfanView" = IrfanView (remove only)

"lvdrivers_12.0" = Logitech Webcam Software Driver Package

"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)

"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)

"Picasa 3" = Picasa 3

"pycairo-py2.5" = Python 2.5 pycairo-1.4.12

"pygobject-py2.5" = Python 2.5 pygobject-2.14.1

"pygtk-py2.5" = Python 2.5 pygtk-2.12.1

"RealAlt_is1" = Real Alternative 1.46

"Shop for HP Supplies" = Shop for HP Supplies

"Usbfix" = Usbfix By C_XX & El Desaparecido

"VLC media player" = VLC media player 0.9.8a

"WinGimp-2.0_is1" = The GIMP 2.2.13

"WinGTK-2_is1" = GTK+ 2.10.6-1 runtime environment

"WinRAR archiver" = Archiveur WinRAR

"Ziepod_is1" = Ziepod version 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 6/17/2010 10:23:08 AM | Computer Name = COOLOG-PC | Source = Application Hang | ID = 1002

Description = The program thunderbird.exe version 1.9.1.3728 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 4a0 Start Time: 01cb0df4681706fb Termination Time: 47

Error - 6/18/2010 4:35:08 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/18/2010 6:41:11 AM | Computer Name = COOLOG-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1610 Start Time: 01cb0ed21bc976f1 Termination Time: 16

Error - 6/19/2010 10:27:43 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/19/2010 4:16:50 PM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/21/2010 3:59:39 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000

Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp

0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000005, fault offset 0x04728a82, process id 0x7c0, application start time

0x01cb1117acedfb3d.

Error - 6/21/2010 3:59:52 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/21/2010 4:10:50 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000

Description = Faulting application HP1006MC.EXE, version 4.0.0.47, time stamp 0x46c2fc48,

faulting module HP1006MC.EXE, version 4.0.0.47, time stamp 0x46c2fc48, exception

code 0xc0000005, fault offset 0x00005b15, process id 0x868, application start time

0x01cb11194246ab7a.

Error - 6/21/2010 4:48:05 AM | Computer Name = COOLOG-PC | Source = WinMgmt | ID = 10

Description =

Error - 6/21/2010 4:49:06 AM | Computer Name = COOLOG-PC | Source = Application Error | ID = 1000

Description = Faulting application NMIndexStoreSvr.exe, version 3.3.3.0, time stamp

0x47c6bd1b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception

code 0xc0000005, fault offset 0x17271727, process id 0xd58, application start time

0x01cb111e71d14378.

[ Broadcom Wireless LAN Events ]

Error - 1/23/2010 8:19:35 AM | Computer Name = COOLOG-PC | Source = WLAN-Tray | ID = 0

Description = 12:19:35, Sat, Jan 23, 10 Error - Unable to decrypt string

[ System Events ]

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/28/2010 4:29:09 AM | Computer Name = COOLOG-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/28/2010 4:29:35 AM | Computer Name = COOLOG-PC | Source = DCOM | ID = 10016

Description =

Error - 6/28/2010 4:50:46 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 10.2.0.129 for the Network Card with network

address 002269941550 has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/28/2010 4:51:36 AM | Computer Name = COOLOG-PC | Source = bowser | ID = 8003

Description =

Error - 6/28/2010 7:10:19 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.12 for the Network Card with network

address 002269941550 has been denied by the DHCP server 10.0.0.2 (The DHCP Server

sent a DHCPNACK message).

Error - 6/28/2010 9:50:54 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 10.2.0.129 for the Network Card with network

address 002269941550 has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

Error - 6/28/2010 9:51:56 AM | Computer Name = COOLOG-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.10 for the Network Card with network

address 002269941550 has been denied by the DHCP server 10.0.0.2 (The DHCP Server

sent a DHCPNACK message).

< End of report >

no.ppp · le 29 juin 2010

Salut,

Il manque le rapport d'UsbFix - Suppression

nohamg · le 30 juin 2010

Salut,

Desole ... j'ai refait le scan avec OLT aussi.

############################## | UsbFix 7.014 | [Deletion]

User: COOLOG (Administrator) # COOLOG-PC [Dell Inc. Vostro 1000]

Updated 24/06/10 by El Desaparecido / C_XX

Started at 14:56:29 | 30/06/2010

Website: Bienvenue dans nos Pages Persos

Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon 64 X2 Dual-Core Processor TK-57

CPU 2: AMD Athlon 64 X2 Dual-Core Processor TK-57

Microsoft® Windows Vista™ Home Basic (6.0.6001 32-Bit) # Service Pack 1

Internet Explorer 7.0.6001.18000

Windows Firewall: Enabled

Antivirus: AVG Anti-Virus Free 8.0 [Enabled | Updated]

RAM -> 1917 Mb

C:\ (%systemdrive%) -> Fixed drive # 139 Gb (16 Mb free - 11%) [OS] # NTFS

D:\ -> Fixed drive # 10 Gb (1 Mb free - 14%) [RECOVERY] # NTFS

E:\ -> CD-ROM

F:\ -> Removable drive # 968 Mb (860 Mb free - 89%) [THOMAS KEY] # FAT32

G:\ -> Removable drive # 1000 Mb (928 Mb free - 93%) [ GONWHIDRUM] # FAT

H:\ -> Fixed drive # 466 Gb (66 Mb free - 14%) [LaCie] # FAT32

################## | Files # Infected Folders |

Not deleted ! F:\Recycled.exe

Not deleted ! F:\svchost.exe

Not deleted ! G:\New Folder.exe

Not deleted ! G:\New Folder (2).exe

Not deleted ! G:\New Folder (3).exe

Not deleted ! G:\RECYCLER.exe

Not deleted ! G:\system.exe

Not deleted ! F:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe

Not deleted ! G:\workshop report.exe

Not deleted ! G:\Protocol.exe

Not deleted ! G:\Nurse meeting report.exe

Not deleted ! G:\MH INSERVICE TRAINING MDM.exe

Not deleted ! G:\Mental Health.exe

Not deleted ! G:\SOPHIE.exe

Not deleted ! G:\unused.exe

Not deleted ! G:\MHD Activitity.exe

Not deleted ! G:\Monthly report of five(5) mental health clinics.exe

Not deleted ! G:\MDM survey&workshop 2009-2010.exe

Not deleted ! G:\OIC Workshop.exe

Not deleted ! G:\reproductive health presentation.exe

Not deleted ! G:\Monthly reports 2009.exe

Not deleted ! G:\WORKSHOP LETTER.exe

Not deleted ! G:\SURVEY REPORT.exe

################## | Registry |

################## | Mountpoints2 |

################## | Listing |

[01/06/2010 - 18:09:36 | HD ] C:\$AVG

[30/06/2010 - 15:21:16 | SHD ] C:\$Recycle.Bin

[13/03/2009 - 15:26:18 | D ] C:\ATI

[18/09/2006 - 21:43:36 | A | 24] C:\autoexec.bat

[30/06/2010 - 14:42:43 | RASHD ] C:\Autorun.inf

[03/02/2008 - 23:33:27 | SHD ] C:\Boot

[21/01/2008 - 02:34:29 | RASH | 333203] C:\bootmgr

[24/06/2010 - 17:23:50 | HD ] C:\Config.Msi

[18/09/2006 - 21:43:37 | A | 10] C:\config.sys

[13/04/2009 - 09:55:47 | A | 172] C:\curr_ver.tmp

[13/03/2009 - 14:31:14 | D ] C:\DELL

[09/09/2008 - 04:24:28 | RAH | 4224] C:\dell.sdr

[08/10/2007 - 06:46:36 | D ] C:\doctemp

[13/03/2009 - 11:51:53 | SHD ] C:\Documents and Settings

[13/12/2007 - 22:09:44 | D ] C:\Drivers

[30/06/2010 - 14:45:02 | ASH | 2009157632] C:\hiberfil.sys

[02/06/2010 - 16:23:20 | RASH | 0] C:\IO.SYS

[02/06/2010 - 16:23:20 | RASH | 0] C:\MSDOS.SYS

[09/06/2009 - 22:30:16 | D ] C:\Netgear

[09/09/2008 - 01:51:38 | A | 22729] C:\newfile.enc

[09/09/2008 - 01:51:38 | A | 22729] C:\newkey

[30/06/2010 - 14:45:01 | ASH | 2325032960] C:\pagefile.sys

[21/01/2008 - 02:43:50 | D ] C:\PerfLogs

[29/06/2010 - 14:35:17 | RD ] C:\Program Files

[25/06/2010 - 07:58:24 | HD ] C:\ProgramData

[28/06/2010 - 15:26:14 | D ] C:\rsit

[25/06/2010 - 08:35:32 | SHD ] C:\System Volume Information

[22/01/2010 - 09:36:41 | D ] C:\Temp

[30/06/2010 - 15:21:16 | D ] C:\UsbFix

[30/06/2010 - 14:56:30 | A | 3468] C:\UsbFix.txt

[30/06/2010 - 14:42:46 | A | 6686] C:\UsbFix_Upload_Me_COOLOG-PC.zip

[28/06/2010 - 08:28:59 | RD ] C:\Users

[28/06/2010 - 14:41:53 | D ] C:\Windows

[30/06/2010 - 15:21:16 | SHD ] D:\$RECYCLE.BIN

[30/06/2010 - 14:42:43 | RASHD ] D:\Autorun.inf

[16/06/2010 - 11:31:52 | D ] D:\COOLOG-PC

[09/09/2008 - 05:04:02 | D ] D:\dell

[16/06/2010 - 11:26:16 | RA | 528] D:\MediaID.bin

[19/01/2008 - 08:45:45 | D ] D:\Program Files

[19/01/2008 - 08:45:30 | HD ] D:\ProgramData

[29/01/2008 - 17:53:24 | D ] D:\sources

[08/09/2008 - 20:28:57 | SHD ] D:\System Volume Information

[09/09/2008 - 05:15:34 | D ] D:\Tools

[19/01/2008 - 08:45:30 | RD ] D:\Users

[09/09/2008 - 05:03:19 | D ] D:\Windows

[13/11/2009 - 10:49:50 | RSHD ] F:\TO BE SENT

[17/12/2009 - 12:36:10 | RSHD ] F:\MOMED

[17/05/2010 - 19:31:08 | N | 259395] F:\svchost.exe

[23/02/2010 - 10:41:22 | A | 26624] F:\Emmett_February 20.doc

[09/09/2009 - 12:25:08 | RSHD ] F:\RECYCLER

[02/06/2010 - 15:32:14 | RSHD ] F:\TTHDHGC

[23/02/2010 - 10:38:24 | RSHD ] F:\astry

[03/11/2009 - 16:15:38 | RSHD ] F:\gb accountancy

[02/06/2010 - 11:41:18 | A | 579584] F:\MON database 01 2010 MON 1ST PAYROLL_Leo.xls

[21/01/2010 - 11:43:34 | RSHD ] F:\bkup

[23/03/2009 - 08:19:12 | RSHD ] F:\Driver Printers

[30/06/2010 - 14:42:46 | RASHD ] F:\Autorun.inf

[25/02/2010 - 08:52:46 | RSHD ] F:\LEO

[03/11/2009 - 20:04:50 | RSHD ] F:\ALICE

[15/01/2010 - 12:39:10 | A | 2854400] F:\MON - Accountancy 122009 - CORRECTION_LEO 20100115.xls

[14/12/2009 - 15:24:40 | RSHD ] F:\Scanned Docs

[25/02/2010 - 13:22:50 | RSHD ] F:\Docs

[20/05/2002 - 17:13:44 | A | 19968] F:\National Info.xls

[18/11/2009 - 11:40:24 | RSHD ] F:\bin

[18/01/2010 - 10:25:52 | A | 2903552] F:\MON - Accountancy 112009 MON - CHECK LEO 20100115.xls

[05/03/2010 - 09:58:50 | A | 39424] F:\INTERNAL CASH REQUEST FORM USD.xls

[16/04/2010 - 14:23:58 | A | 54784] F:\20100412 LIB Raprochement T12704 Fev_Leo.xls

[02/04/2010 - 23:15:40 | A | 102400] F:\LIB - Cash controls 201003.xls

[15/04/2010 - 17:22:48 | A | 2846208] F:\LIB - Accountancy 03 2010 - voucher OK.xls

[17/04/2010 - 12:33:46 | A | 30720] F:\20100412 LIB Raprochement T12704 willie.xls

[03/06/2010 - 13:14:44 | A | 49152] F:\200901007- ADM006 Ministry of Labour.doc

[01/06/2010 - 18:44:06 | A | 50176] F:\Advance- Return.xls

[01/06/2010 - 18:46:00 | N | 1471163] F:\Recycled.exe

[20/05/2002 - 14:20:14 | A | 2966016] F:\MON - Accountancy 04 2010 - ChecK_LEO.xls

[02/06/2010 - 17:05:54 | A | 115712] F:\LIB - Cash controls 201005.xls

[24/06/2010 - 14:40:00 | A | 46080] F:\TENDER FOR THE SALE.doc

[30/10/2009 - 15:25:46 | RSHD ] F:\HR

[01/06/2010 - 17:33:52 | RSHD ] F:\Usb 2.0 Driver

[08/05/2009 - 16:52:00 | N | 140288] G:\SYSTEM.exe

[31/05/2010 - 09:02:40 | A | 30208] G:\New cases form.xls

[09/10/2009 - 08:56:20 | RSHD ] G:\Exchange MDM & Cap

[24/02/2010 - 08:48:40 | RSHD ] G:\Nurse meeting report

[28/05/2010 - 16:48:18 | A | 49664] G:\JOB DESCRIPTION may 2010.doc

[24/02/2010 - 10:32:26 | RSHD ] G:\MH INSERVICE TRAINING MDM

[29/04/2010 - 10:51:38 | RSHD ] G:\Mental Health

[24/02/2010 - 09:04:28 | RSHD ] G:\Guideline+Case study

[09/10/2009 - 08:46:24 | RSHD ] G:\kpoe document

[09/10/2009 - 08:49:12 | RSHD ] G:\master trainer

[09/10/2009 - 08:50:18 | RSHD ] G:\MDM activities

[09/10/2009 - 09:58:12 | RSHD ] G:\MDM + PHEBE mou

[24/02/2010 - 10:24:20 | RSHD ] G:\MHD Activitity

[18/02/2010 - 11:51:40 | A | 1890304] G:\DATA COLLECTION TOOL - Blank format.xls

[03/04/2010 - 12:56:46 | A | 882688] G:\In-service & SBMR.ppt

[23/06/2009 - 15:33:14 | A | 37888] G:\Road Map 2009-2012.doc

[19/02/2010 - 15:40:40 | RSHD ] G:\Monthly report of five(5) mental health clinics

[28/05/2010 - 16:40:34 | RSHD ] G:\Usb 2.0 Driver

[13/05/2009 - 08:50:06 | N | 140288] G:\workshop report.exe

[13/05/2009 - 08:50:06 | N | 140288] G:\Protocol.exe

[26/04/2010 - 12:01:56 | A | 93184] G:\Gbarpolu Co. Training Budget.doc

[25/06/2009 - 15:02:26 | N | 140288] G:\RECYCLER.exe

[24/02/2010 - 08:41:50 | RSHD ] G:\MDM survey&workshop 2009-2010

[19/04/2010 - 15:35:30 | A | 93184] G:\Copy of Gbarpolu Co. Training Budget.doc

[22/04/2010 - 08:09:40 | A | 238592] G:\OIC training.doc

[12/03/2010 - 11:00:08 | A | 239104] G:\Workshop March.ppt

[27/04/2010 - 15:28:22 | A | 598528] G:\DATA COLLECTION TOOL 2010 - New Version MHT.xls

[29/04/2010 - 10:54:20 | RSHD ] G:\OIC Workshop

[06/05/2010 - 15:25:06 | RSHD ] G:\Dweh cuc

[04/05/2010 - 06:22:26 | RSHD ] G:\Dweh

[12/03/2010 - 10:28:38 | A | 22016] G:\MH General assessment tool

[24/02/2010 - 08:48:40 | N | 140288] G:\Nurse meeting report.exe

[24/02/2010 - 10:32:26 | N | 140288] G:\MH INSERVICE TRAINING MDM.exe

[29/04/2010 - 10:51:38 | N | 140288] G:\Mental Health.exe

[19/02/2010 - 16:09:00 | RSHD ] G:\MDM Day - February 2010

[04/05/2010 - 19:43:32 | A | 60928] G:\evaluation.xls

[14/06/2010 - 15:20:32 | N | 140288] G:\SOPHIE.exe

[24/06/2010 - 10:05:28 | N | 140288] G:\unused.exe

[06/02/2009 - 15:12:06 | RSHD ] G:\Data collection tool 2009

[24/02/2010 - 10:24:20 | N | 140288] G:\MHD Activitity.exe

[19/02/2010 - 15:40:40 | N | 140288] G:\Monthly report of five(5) mental health clinics.exe

[24/02/2010 - 08:41:50 | N | 140288] G:\MDM survey&workshop 2009-2010.exe

[29/04/2010 - 10:54:20 | N | 140288] G:\OIC Workshop.exe

[25/06/2009 - 09:22:56 | N | 140288] G:\reproductive health presentation.exe

[10/07/2009 - 14:44:52 | N | 140288] G:\Monthly reports 2009.exe

[15/06/2010 - 11:13:58 | A | 599] G:\MPCHS strategy planning report june 2010.lnk

[24/06/2010 - 09:03:18 | N | 140288] G:\New Folder.exe

[14/06/2010 - 15:19:34 | RSHD ] G:\workshop letter

[14/06/2010 - 15:20:32 | RSHD ] G:\SOPHIE

[14/06/2010 - 15:19:34 | N | 140288] G:\WORKSHOP LETTER.exe

[16/06/2010 - 17:06:16 | A | 59392] G:\MDM presentation june 2010.doc

[15/06/2010 - 16:53:46 | A | 23552] G:\Doran,s base meeting, June 16, 2010.doc

[21/06/2010 - 15:33:42 | A | 75264] G:\MH Presentation PP.ppt

[24/06/2010 - 09:03:18 | RSHD ] G:\New Folder

[24/06/2010 - 09:05:30 | RSHD ] G:\ASSESSMENT REPORT

[24/06/2010 - 10:05:28 | N | 140288] G:\New Folder (2).exe

[24/06/2010 - 10:05:28 | RSHD ] G:\New Folder (2)

[24/06/2010 - 10:13:38 | RSHD ] G:\New Folder (3)

[24/06/2010 - 10:05:28 | N | 140288] G:\SURVEY REPORT.exe

[24/06/2010 - 10:13:38 | N | 140288] G:\New Folder (3).exe

[28/06/2010 - 14:41:50 | D ] G:\autorun.inf

[08/05/2009 - 16:52:00 | RSHD ] G:\SYSTEM

[08/05/2009 - 16:52:00 | RSHD ] G:\DATA

[13/05/2009 - 08:50:06 | RSHD ] G:\Protocol

[14/05/2009 - 13:50:02 | RSHD ] G:\Evaluations

[22/05/2009 - 13:25:56 | RSHD ] G:\In-service training BPHS

[25/06/2009 - 09:22:56 | RSHD ] G:\reproductive health presentation

[25/06/2009 - 15:00:16 | RSHD ] G:\group 1 modules

[25/06/2009 - 15:02:26 | RSHD ] G:\RECYCLER

[10/07/2009 - 14:44:08 | RSHD ] G:\2009

[10/07/2009 - 14:44:52 | RSHD ] G:\Monthly reports 2009

[20/08/2009 - 16:36:52 | RSHD ] G:\Edmund document

[29/03/2006 - 14:08:32 | AH | 82] H:\._System Volume Information

[24/08/2009 - 16:56:52 | RSHD ] H:\AUTOPLAY

[24/08/2009 - 16:56:52 | RSHD ] H:\System Volume Information

[24/08/2009 - 16:56:52 | RSHD ] H:\MOVIES

[24/08/2009 - 16:56:52 | RSHD ] H:\PICTURES

[24/08/2009 - 16:56:52 | RSHD ] H:\UPDATE

[09/09/2009 - 14:56:46 | RSHD ] H:\Noham

[20/09/2009 - 17:17:28 | RSHD ] H:\.Trashes

[09/09/2009 - 14:59:58 | RSHD ] H:\Recycled

[20/09/2009 - 17:17:28 | AH | 4096] H:\._.Trashes

[26/12/2009 - 11:22:20 | AH | 6148] H:\.DS_Store

[20/09/2009 - 14:54:36 | RSHD ] H:\$RECYCLE.BIN

[24/10/2009 - 09:55:36 | RSHD ] H:\PRO

[13/03/2010 - 20:07:48 | RSHD ] H:\Copy Cles USB

[01/06/2002 - 08:28:50 | RSHD ] H:\Usb 2.0 Driver

[02/06/2010 - 17:09:34 | D ] H:\Noam

[07/06/2010 - 08:53:20 | D ] H:\MUSICS

[11/06/2010 - 08:17:54 | D ] H:\FILM

[30/06/2010 - 14:42:46 | RASHD ] H:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_COOLOG-PC.zip

Upload pour UsbFix, Ad-Remover & FindyKill

Thank you for your contribution.

################## | E.O.F |

Modifié le 30 juin 2010 par nohamg

nohamg · le 30 juin 2010

OTL logfile created on: 6/30/2010 3:59:54 PM - Run 3

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\COOLOG\Desktop

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 15.78 Gb Free Space | 11.35% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 1.42 Gb Free Space | 14.15% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 968.07 Mb Total Space | 860.00 Mb Free Space | 88.84% Space Free | Partition Type: FAT32

Drive G: | 999.69 Mb Total Space | 928.27 Mb Free Space | 92.86% Space Free | Partition Type: FAT

Drive H: | 465.65 Gb Total Space | 66.49 Gb Free Space | 14.28% Space Free | Partition Type: FAT32