Posted

There, I followed the various suggested procedures to the letter, but nothing seems to be getting any better.

I still have a problem with watermark.exe, which carries the virus.

I finally ran a scan with Norman Malware Cleaner; since then I can no longer log in (that is, even in safe mode I have to enter my login and password, and the system logs in, logs off, and returns to the Ctrl+Alt+Del window for login and password?)

What should I do?

Apart from this other possibility with the Dr.Web live CD

Two antivirus live CDs: Security, firewall / Antivirus

I fear formatting is going to become necessary.

Wait a little longer, but prepare for that possibility.

Posted

Do you have the Recovery Console installed?

If so, restore to a day before Norman was run.

Otherwise, this:

Burn and boot OTLPE from a CD

► Download OTLPEnet :: http://oldtimer.geekstogo.com/OTLPENet.exe to your Desktop, or http://www.itxassociates.com/OT-Tools/OTLPENet.exe

* When the download has finished, double-click OTLPENet.exe (right-click, Run as administrator under Vista|Seven) and make sure you have inserted a blank CD-R in your CD/DVD burner. A window will open asking whether you want to burn the CD; click the Yes button.

* Wait while the CD is decompressed and burned.

* Boot from the Reatogo CD-ROM you created; see example: booter-sur-dvd-t9447.html

* Your system should show a REATOGO-X-PE desktop

* Depending on your type of Internet connection, you should be able to access the Net, so you can get to this thread more easily.

* Double-click the OTLPE icon

» At this prompt, confirm with OK:

» At this prompt, select your session:

** If the operating system is Vista you may get this message: "RunScanner Error - Target is not windows 2000 or later"; in that case browse to and select the c:\windows folder in the tree below local disk (c:)

* Check that "Automatically Load All Remaining Users" is selected and press OK

» OTLPE then starts

o Under the Custom Scan box, copy and paste the contents of the box below:


netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

spoolsv.exe

alg.exe

ctfmon.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

i8042prt.sys

cdrom.sys

disk.sys

ndis.sys

tcpip.sys

imapi.sys

RDPCDD.sys

mountmgr.sys

aec.sys

rasacd.sys

redbook.sys

intelide.sys

mrxsmb10.sys

mrxsmb20.sys

termdd.sys

mrxsmb.sys

win32k.sys

storport.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

CREATERESTOREPOINT

 

* Click Run Scan to start the scan.

* Once it has finished, the file is located at C:\OTL.txt

* Copy and paste its contents into your next reply

If your report is too long, use the site Cijoint.fr - Free file hosting service to upload your report, and put the link in your next reply.

Copy and boot OTLPE from a USB key

If you do not have a CD-ROM drive

It is possible to boot from a USB key:

Malekal's forum • PetoUSB (eeepc.fr): Useful programs

Posted

Here is the report following the OTLPE scan. In case it helps you, I think I accidentally deleted a userinit file in the registry:

Thank you for all the energy you are putting into this.

Cijoint.fr - Free file hosting service

 

 

 

 

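
An added example, not part of the original thread and not OTL's own code: a small Python check over the `O20 - HKLM Winlogon` lines of an OTL report, which is where a deleted Userinit value like the one mentioned in the post above shows up. The expected Windows XP defaults and the `HEALTHY` and `EXTRA_ENTRY` samples are assumptions constructed for illustration (the check also goes one step further than the thread by flagging unexpected entries); `REPORT_LINES` is copied from the report posted in this thread.

```python
import re

# Line shape as it appears in the OTL report in this thread:
#   O20 - HKLM Winlogon: <value> - (<data>) - <resolved file or note>
O20_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<data>[^)]*)\) - (?P<rest>.*)$"
)

# Assumption: stock Windows XP defaults for the two values winlogon needs
# to start a user session (compared case-insensitively).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# Copied from the report posted in this thread.
REPORT_LINES = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
"""

# Constructed sample: what a healthy pair of lines is assumed to look like.
HEALTHY = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# Constructed sample: Userinit carries an entry besides the default one.
# The file name unknown.exe is a placeholder.
EXTRA_ENTRY = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\unknown.exe) - C:\WINDOWS\system32\unknown.exe ()
"""


def _entries(data):
    """Split a comma-separated registry value into trimmed, lowercase entries."""
    return [e.strip().lower() for e in data.split(",") if e.strip()]


def check_winlogon(log_text):
    """Return (value_name, problem) findings for the Winlogon Shell/Userinit lines."""
    seen = set()
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue  # other O20 lines (e.g. Winlogon\Notify) are not checked here
        name = m.group("name").lower()
        if name not in EXPECTED:
            continue
        seen.add(name)
        entries = _entries(m.group("data"))
        rest = m.group("rest").lower()
        if not entries or "registry value not found" in rest:
            # Empty or absent value: the session cannot be initialised.
            findings.append((name, "missing"))
            continue
        extra = [e for e in entries if e not in EXPECTED[name]]
        if extra:
            findings.append((name, "unexpected: " + ", ".join(extra)))
        elif "file not found" in rest:
            findings.append((name, "target file not found"))
    # A report without any line for an expected value is also worth a look.
    for name in EXPECTED:
        if name not in seen:
            findings.append((name, "not reported"))
    return findings


if __name__ == "__main__":
    for label, text in (("report", REPORT_LINES),
                        ("healthy", HEALTHY),
                        ("extra entry", EXTRA_ENTRY)):
        print(label, "->", check_winlogon(text) or "ok")
```

On the lines from this thread's report the check returns a single finding, Userinit missing, which matches the log-in-then-log-off loop described in the first post.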

Posted

Here is the report again.

 

OTL logfile created on: 11/22/2010 1:56:03 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000813 | Country: Belgium | Language: NLB | Date Format: d/MM/yyyy

 

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 36.00 Gb Total Space | 21.29 Gb Free Space | 59.14% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 172.83 Gb Free Space | 57.98% Space Free | Partition Type: NTFS

Drive E: | 38.41 Gb Total Space | 23.16 Gb Free Space | 60.30% Space Free | Partition Type: NTFS

Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

Using ControlSet: ControlSet002

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto] -- C:\Program Files\FarStone Total Recovery Pro\Client\DCNTranProc.exe -- (Tran_Process_Proc)

SRV - File not found [On_Demand] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)

SRV - File not found [Auto] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - File not found [Auto] -- C:\Program Files\OCS Inventory Agent\ocsservice.exe -- (OCS INVENTORY)

SRV - File not found [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - File not found [On_Demand] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - File not found [Auto] -- C:\Program Files\FarStone Total Recovery Pro\Client\Efb\FBPAgent.exe -- (FBAgent)

SRV - [2010/11/11 04:57:11 | 003,019,352 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)

SRV - [2010/09/29 10:00:56 | 001,145,304 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)

SRV - [2010/08/05 04:03:32 | 000,104,976 | ---- | M] () [Auto] -- C:\Program Files\FarStone Total Recovery Pro\Client\CBP\DCSchdlerSRVC.exe -- (DCScheduler)

SRV - [2010/03/25 13:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)

SRV - [2010/03/25 13:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2010/03/25 13:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2010/03/25 13:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)

SRV - [2010/03/15 08:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)

SRV - [2009/08/25 09:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2007/05/10 03:23:50 | 000,094,208 | R--- | M] (SigmaTel, Inc.) [Auto] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)

SRV - [2005/04/27 16:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

SRV - [2004/09/29 05:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Adapter | Unavailable] -- -- (PnSson)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (efbDisk)

DRV - File not found [Kernel | System] -- -- (DCDisk)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Boot] -- -- (cerc6)

DRV - [2010/11/20 03:47:45 | 000,024,168 | ---- | M] (Norman ASA) [Kernel | On_Demand] -- C:\Documents and Settings\AdmTmp\Local Settings\temp\0000077d.nmc\nse\bin\ndiskio.sys -- (NDISKIO)

DRV - [2010/11/16 05:45:39 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\regguard.sys -- (RegGuard)

DRV - [2010/11/16 02:41:30 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)

DRV - [2010/08/18 07:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)

DRV - [2010/08/05 04:05:16 | 000,020,824 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\FarMntIo.sys -- (FARMNTIO)

DRV - [2010/08/05 04:04:18 | 000,086,056 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\dcsnap.sys -- (dcsnap)

DRV - [2010/07/16 08:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)

DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)

DRV - [2010/03/25 13:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2010/03/25 13:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2010/03/25 13:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2010/03/25 13:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2010/03/25 13:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2010/03/25 13:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/10/26 00:47:30 | 004,221,952 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/06/12 12:52:48 | 006,278,272 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/04/13 17:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/12/23 10:18:48 | 000,068,696 | R--- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007/08/02 10:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/08/02 10:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/08/02 10:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/06/25 11:53:10 | 000,155,136 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/05/10 03:24:34 | 001,222,840 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/03/13 07:26:06 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2007/02/09 05:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 13:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 13:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/10/26 09:22:22 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/10/26 09:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/10/26 09:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/10/26 09:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/10/26 09:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/10/26 09:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/10/26 09:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/10/26 09:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/07/21 04:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\2ddh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\9DomTempInst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\9LocTempInst_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Xella XenApp Login

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 92 8A 2D 80 17 CB 01 [binary data]

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\AdmTmp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2542115

IE - HKU\AdmTmp_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\AdmTmp_ON_C\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - Reg Error: Key error. File not found

IE - HKU\AdmTmp_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !

IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be

IE - HKU\Chupinf_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 4A C9 76 FE 63 CB 01 [binary data]

IE - HKU\Chupinf_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 09:48:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

 

 

O1 HOSTS File: ([2010/11/19 05:30:21 | 000,425,140 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14672 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [sNM] C:\Program Files\SpyNoMore\SNM.exe File not found

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\2ddh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\9DomTempInst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\9LocTempInst_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\AdmTmp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\AdmTmp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Chupinf_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe (CamfrogWEB Advanced Unicode Control)

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tenebril.com/pub/bin/scanner2008/TenebrilSpywareScanner.ocx (TenebrilSpywareScanner Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277811945671 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = we.ad-root.biz

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/14 16:55:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/20 03:36:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies

[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\!KillBox

[2010/11/19 06:33:40 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys

[2010/11/19 06:33:40 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys

[2010/11/19 06:33:40 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[2010/11/19 06:33:34 | 000,237,632 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

[2010/11/19 06:33:34 | 000,159,936 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys

[2010/11/19 06:33:29 | 000,123,712 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys

[2010/11/19 06:33:29 | 000,087,400 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys

[2010/11/19 06:33:29 | 000,031,960 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys

[2010/11/19 06:33:27 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

[2010/11/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security

[2010/11/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2010/11/19 06:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PC Tools

[2010/11/19 05:45:40 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe

[2010/11/19 04:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2010/11/19 04:28:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\ConduitEngine

[2010/11/19 04:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\temp

[2010/11/19 04:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_France

[2010/11/19 04:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer

[2010/11/19 02:37:54 | 000,061,952 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe

[2010/11/19 01:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\windows media player

[2010/11/18 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

[2010/11/18 16:41:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdmTmp\Recent

[2010/11/18 15:51:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies

[2010/11/18 15:47:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/11/18 15:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/11/18 14:23:53 | 000,000,000 | ---D | C] -- C:\Kill'em

[2010/11/18 14:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\List_Kill'em

[2010/11/18 14:19:46 | 003,285,305 | ---- | C] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe

[2010/11/18 13:48:39 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/18 05:23:08 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/18 05:20:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/11/18 05:20:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/11/18 05:20:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/11/18 05:20:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/11/18 05:20:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/18 05:18:03 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/11/16 16:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\AVERT

[2010/11/16 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!

[2010/11/16 15:18:32 | 004,784,376 | ---- | C] (Curio Lab) -- C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe

[2010/11/16 13:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Malwarebytes

[2010/11/16 08:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Malwarebytes

[2010/11/16 08:27:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/16 08:27:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/16 08:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/16 08:19:49 | 000,000,000 | ---D | C] -- C:\ToolBar SD

[2010/11/16 07:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/16 05:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Help

[2010/11/16 05:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Help

[2010/11/16 02:54:15 | 000,024,416 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys

[2010/11/16 02:41:30 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe

[2010/11/16 02:41:30 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys

[2010/11/16 02:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\RegRun2

[2010/11/16 02:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis

[2010/11/16 02:10:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Chupinf\Recent

[2010/11/16 02:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\AVERT

[2010/11/16 01:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\PCFix

[2010/11/12 08:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/11/12 08:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\PCFix

[2010/11/12 06:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/11/12 04:18:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2010/11/11 15:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/11/08 15:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ActPrint

[2010/11/08 14:59:40 | 017,873,152 | ---- | C] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe

[2010/11/08 14:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Iceni

[2010/11/08 14:54:52 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/11/08 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995

[2010/11/08 10:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter

[2010/11/08 09:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\IVCsoft

[2010/11/07 14:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Downloads

[2010/11/07 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\DMCache

[2010/11/07 14:11:36 | 004,680,289 | ---- | C] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe

[2010/11/03 12:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Iceni

[2010/11/03 12:15:43 | 002,519,040 | ---- | C] (DynaForms GmbH) -- C:\WINDOWS\System32\CPDF.dll

[2010/11/03 12:15:15 | 000,878,080 | ---- | C] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe

[2010/11/03 12:15:15 | 000,077,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe

[2010/11/03 12:15:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll

[2010/11/03 12:15:08 | 001,165,824 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrtClient.exe

[2010/11/03 12:15:08 | 000,822,784 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetupDrv.exe

[2010/11/03 12:15:08 | 000,702,976 | ---- | C] (ActMask - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrtTools.exe

[2010/11/03 12:15:08 | 000,375,296 | ---- | C] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\SetPrinter.exe

[2010/11/03 12:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Infix PDF

[2010/11/03 12:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Iceni

[2010/11/03 12:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Iceni

[2010/11/03 12:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Aspell

[2010/11/02 12:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX

[2010/11/02 11:57:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2010/11/02 04:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Application Data\Apple Computer

[2010/11/02 04:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\Apple Computer

[2010/10/29 05:41:37 | 000,334,336 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\bcdedit.exe

[2010/10/29 05:41:37 | 000,000,000 | ---D | C] -- C:\boot

[2010/10/29 05:41:34 | 000,000,000 | ---D | C] -- C:\Sources

[2010/10/29 05:41:24 | 000,000,000 | ---D | C] -- C:\RITSoftwareProvider

[2010/10/29 05:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone Total Recovery Pro

[2010/10/27 07:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/10/27 07:32:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/10/27 07:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/10/27 07:32:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/10/27 07:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\U3

[2010/10/27 06:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\vlc

[2010/10/27 06:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\HP

[2010/10/27 06:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Programs

[2010/10/27 06:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Adobe

[2010/10/27 04:31:12 | 000,000,000 | ---D | C] -- C:\PDFZilla

[2010/10/27 03:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Macromedia

[2010/10/27 03:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Adobe

[2010/10/27 03:51:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\AdmTmp\PrivacIE

[2010/10/27 03:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\crazyloader Air

[2010/10/27 03:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony

[2010/10/27 03:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Podcasts

[2010/10/27 03:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\My Documents\Media Go

[2010/10/27 03:38:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AdmTmp\My Documents\My Videos

[2010/10/27 03:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared

[2010/10/27 03:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Downloaded Installations

[2010/10/27 03:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2010/10/27 03:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sun

[2010/10/27 03:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/10/27 03:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010/10/27 03:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple

[2010/10/27 03:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2010/10/27 03:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Apple Computer

[2010/10/27 03:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Application Data\Sony

[2010/10/27 03:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Sony Ericsson

[2010/10/27 03:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\Roxio

[2010/10/27 03:31:39 | 000,000,000 | --SD | C] -- C:\Documents and Settings\AdmTmp\IETldCache

[2010/10/27 02:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

========== Files - Modified Within 30 Days ==========

[2010/11/22 13:51:19 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010/11/22 08:51:57 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Chupinf\NTUSER.DAT

[2010/11/21 16:14:05 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29DA29CD-CCA3-43F3-9D2E-A0A518FF80F6}.job

[2010/11/21 16:13:58 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\AdmTmp\ntuser.ini

[2010/11/21 16:13:56 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\AdmTmp\NTUSER.DAT

[2010/11/21 16:12:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/11/21 16:12:25 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT

[2010/11/21 16:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/21 14:45:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F478C670-EB69-4F80-AD10-1F866C9C882A}.job

[2010/11/21 14:40:40 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT

[2010/11/20 14:01:07 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999UA.job

[2010/11/20 12:28:14 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/11/20 12:28:14 | 000,462,502 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/20 12:28:14 | 000,078,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/20 08:11:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chupinf\ntuser.ini

[2010/11/20 06:29:08 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat

[2010/11/20 06:24:50 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/11/20 03:38:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/19 08:59:37 | 003,712,744 | -H-- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\IconCache.db

[2010/11/19 07:54:02 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Explorermgr.exe

[2010/11/19 06:29:23 | 000,507,360 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\sdsetup[1].exe

[2010/11/19 06:18:13 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\eBay.lnk

[2010/11/19 06:18:13 | 000,001,124 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk

[2010/11/19 05:30:21 | 000,425,140 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/11/19 04:28:18 | 001,015,869 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\unlocker1.9.0.exe

[2010/11/19 03:09:56 | 000,006,497 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010/11/19 02:37:54 | 000,061,952 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\userinitmgr.exe

[2010/11/18 16:09:53 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\windrv.sys

[2010/11/18 15:31:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101119-113021.backup

[2010/11/18 14:23:52 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk

[2010/11/18 14:19:57 | 003,285,305 | ---- | M] (g3n-h@ckm@n ) -- C:\Documents and Settings\AdmTmp\Desktop\List_Killem_Install.exe

[2010/11/18 13:42:48 | 003,911,434 | R--- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe

[2010/11/18 05:23:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/16 16:06:51 | 000,068,640 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/11/16 15:18:53 | 004,784,376 | ---- | M] (Curio Lab) -- C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe

[2010/11/16 15:01:19 | 000,817,050 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg

[2010/11/16 15:01:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-725345543-10999Core.job

[2010/11/16 07:50:22 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe

[2010/11/16 07:13:49 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/16 07:13:49 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk

[2010/11/16 06:13:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache

[2010/11/16 05:45:39 | 000,024,416 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\regguard.sys

[2010/11/16 03:32:19 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk

[2010/11/16 02:41:30 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe

[2010/11/16 02:41:30 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys

[2010/11/16 02:40:53 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/11/16 02:40:53 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2010/11/16 02:35:31 | 005,336,210 | -H-- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\IconCache.db

[2010/11/12 08:12:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache

[2010/11/11 15:42:22 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat

[2010/11/11 15:20:09 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/08 15:17:49 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Infix PDF Editor.lnk

[2010/11/08 15:13:41 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/08 15:01:55 | 000,002,303 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Google Chrome.lnk

[2010/11/08 15:01:55 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Chupinf\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/08 14:59:43 | 017,873,152 | ---- | M] (pdfforge GbR) -- C:\Documents and Settings\Chupinf\My Documents\PDFCreator-1_0_2_setup.exe

[2010/11/08 14:54:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll

[2010/11/08 14:54:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/11/08 14:54:48 | 002,684,312 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe

[2010/11/08 10:35:37 | 003,014,282 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip

[2010/11/07 19:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2010/11/07 14:27:41 | 000,589,480 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/11/07 14:11:41 | 004,680,289 | ---- | M] (SVSoftware LTD (www.savevideoplugin.com) ) -- C:\Documents and Settings\Chupinf\My Documents\SaveVideoPluginForIE_setup.exe

[2010/11/02 04:52:10 | 000,068,640 | ---- | M] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/10/29 06:08:27 | 000,000,529 | RHS- | M] () -- C:\WINDOWS\System32\VFsRegister

[2010/10/29 05:53:04 | 000,014,848 | -H-- | M] () -- C:\logicinf.bin

[2010/10/29 05:53:04 | 000,001,024 | -H-- | M] () -- C:\diskfile1

[2010/10/29 05:52:44 | 000,000,157 | ---- | M] () -- C:\win32log.ini

[2010/10/29 05:43:49 | 000,261,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/10/29 05:41:19 | 004,194,304 | RH-- | M] () -- C:\spc_kern

[2010/10/29 05:41:19 | 000,000,000 | RH-- | M] () -- C:\tasks.ini

[2010/10/27 07:16:37 | 000,089,716 | ---- | M] () -- C:\WINDOWS\hpoins06.dat

[2010/10/27 04:04:16 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\AdmTmp\My Documents\Update_Service_Setup-2.10.11.10.exe

[2010/10/27 03:37:00 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/10/27 03:36:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/10/27 03:31:44 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/10/27 02:33:59 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/10/27 02:21:00 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Chupinf\Desktop\Update Service.lnk

[2010/10/27 02:20:05 | 037,065,048 | ---- | M] () -- C:\Documents and Settings\Chupinf\My Documents\Update_Service_Setup-2.10.11.10.exe

========== Files Created - No Company Name ==========

[2010/11/19 06:29:23 | 000,507,360 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\sdsetup[1].exe

[2010/11/19 04:28:30 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\eBay.lnk

[2010/11/19 04:28:30 | 000,001,124 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk

[2010/11/19 04:28:14 | 001,015,869 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\unlocker1.9.0.exe

[2010/11/19 02:18:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\dmlconf.dat

[2010/11/18 16:09:53 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys

[2010/11/18 14:23:52 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\List_Kill'em.lnk

[2010/11/18 13:38:48 | 003,911,434 | R--- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ComboFix.exe

[2010/11/18 05:23:15 | 000,000,210 | ---- | C] () -- C:\Boot.bak

[2010/11/18 05:23:11 | 000,261,936 | RHS- | C] () -- C:\cmldr

[2010/11/18 05:20:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/11/18 05:20:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/11/18 05:20:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/11/18 05:20:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/11/18 05:20:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/11/16 15:00:43 | 000,817,050 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\cc_20101116_210039.reg

[2010/11/16 08:19:47 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\ToolBarSD.exe

[2010/11/16 07:13:49 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010/11/16 07:13:49 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Spybot - Search & Destroy.lnk

[2010/11/16 06:13:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Local Settings\Application Data\housecall.guid.cache

[2010/11/16 02:40:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\AdmTmp\Desktop\Reanimator.lnk

[2010/11/12 08:12:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Chupinf\Local Settings\Application Data\housecall.guid.cache

[2010/11/11 15:42:22 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat

[2010/11/08 14:54:52 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2010/11/08 14:54:35 | 002,684,312 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\pdf995s.exe

[2010/11/08 10:35:31 | 003,014,282 | ---- | C] () -- C:\Documents and Settings\Chupinf\My Documents\Pazera_Free_MP4_to_AVI_Converter.zip

[2010/11/03 12:15:43 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll

[2010/11/03 12:15:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe

[2010/11/03 12:15:08 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe

[2010/11/03 12:15:08 | 000,097,016 | ---- | C] () -- C:\WINDOWS\System32\Cancel.wav

[2010/11/03 12:15:08 | 000,010,398 | ---- | C] () -- C:\WINDOWS\System32\START.WAV

[2010/11/03 12:15:08 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\FINISH.WAV

< End of report >

Posted

OK, do this.

* Double-click the OTL icon to launch it

/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Output) section (top right) the "Rapport minimal" (Minimal Output) box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (Custom Scans/Fixes)

:OTL

IE - HKU\AdmTmp_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2542115

IE - HKU\AdmTmp_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found

IE - HKU\AdmTmp_ON_C\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - Reg Error: Key error. File not found

FF - HKLM\software\mozilla\Firefox\Extensions\\crazyloader@spointer.com: C:\Program Files\CrazyLoader\spointer\extensions\crazyloader@spointer.com [2010/09/10 09:48:13 | 000,000,000 | ---D | M]

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value found.

O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfr..._instmodule.exe (CamfrogWEB Advanced Unicode Control)

O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://download.tene...wareScanner.ocx (TenebrilSpywareScanner Control)

O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"UserInit"="C:\WINDOWS\system32\userinit.exe,"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

 

:Files

C:\WINDOWS\Explorermgr.exe

C:\WINDOWS\System32\userinitmgr.exe

C:\Documents and Settings\Chupinf\Desktop\ExterminateItSetup.exe

C:\Documents and Settings\AdmTmp\My Documents\RegRun2

C:\WINDOWS\System32\dmlconf.dat

C:\WINDOWS\System32\windrv.sys

C:\Documents and Settings\Chupinf\Application Data\abpzlw.dat

 

:Commands

[emptytemp]

* Click the "Correction" (Fix) icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan a report, "OTL.Txt", will open

* Copy and paste the report(s) into your reply, please...

* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Put the report here, since it takes up a lot of space.

Cijoint.fr - Free file hosting service
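
The fix above restores the Winlogon UserInit value that the quoted O20 line reports as missing. As an added example (not part of the original post and not OTL's own code), this Python check reads the O20 Winlogon lines of an OTL log and flags values that deviate from assumed defaults; the `audit_winlogon` name, the default values and every sample line except the O20 line quoted in the fix are constructed for illustration.

```python
import re

# Assumed defaults for a C:\WINDOWS install, matching the paths in this thread.
EXPECTED = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}

# Line shape taken from the O20 entry quoted in the fix script:
#   O20 - HKLM Winlogon: <Name> - (<value>) - <resolved file or note>
O20 = re.compile(r"^O20 - HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$")


def audit_winlogon(log_text):
    """Return (name, problem) tuples for Winlogon values that deviate."""
    findings = []
    for line in log_text.splitlines():
        m = O20.match(line.strip())
        if not m or m.group(1).lower() not in EXPECTED:
            continue
        name, value, note = m.group(1).lower(), m.group(2), m.group(3)
        # Userinit is a comma-separated list run at logon; Shell is checked the same way.
        entries = [e.strip().lower() for e in value.split(",") if e.strip()]
        if not entries or "value not found" in note.lower():
            findings.append((name, "missing"))
            continue
        if EXPECTED[name] not in entries:
            findings.append((name, "default entry absent"))
        for e in entries:
            if e != EXPECTED[name]:
                findings.append((name, "unexpected entry: " + e))
    return findings


# BROKEN is the entry from this thread; HEALTHY and EXTRA are constructed samples.
BROKEN = "O20 - HKLM Winlogon: UserInit - ( ) - (Registry value not found)"
HEALTHY = (r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,)"
           r" - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)")
EXTRA = (r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,"
         r"C:\constructed\extra.exe) - C:\constructed\extra.exe ()")

if __name__ == "__main__":
    for sample in (BROKEN, HEALTHY, EXTRA):
        print(audit_winlogon(sample) or "ok")
```
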

Posted

Here is the report


http://www.cijoint.fr/cjlink.php?file=cj201011/cijeBoZhcq.txt

 


Posted

I followed your command to the letter.

Good news: login works again.

Bad news: Internet Explorer does not work

Good news: no alerts so far

OK, do you still get alerts or not this time?

PS: you did rerun my command with "OTLPE"
