BleepingComputer.com: Explorer is memory hungry

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

Explorer is memory hungry

#1 User is offline   P. TATA 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 25-June 11

Posted 25 June 2011 - 06:55 AM

Hi,

Explorer uses a lot of memory (more than 300MB) then hangs. I run XP. I've tried a few online antivirus and have Microsoft Security Essentials installed.

I join a gmer, OTL and hijackthis reports to save you time. I hope you can help me.

Thanks



edit : posted the files in one zip because it says the OTL report is too big.

Attached File(s)


This post has been edited by P. TATA: 25 June 2011 - 07:21 AM

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 01 July 2011 - 08:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   P. TATA 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 25-June 11

Posted 02 July 2011 - 10:45 AM

Hi Gringo

Thank you for your answer.

Here are the logs you want. Hope you can find something.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Édition familiale
Boot Device: \Device\HarddiskVolume1
Install Date: 08/09/2010 22:54:06
System Uptime: 02/07/2011 16:06:36 (1 hours ago)
.
Motherboard: MEDION | | E1210
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU 1 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 65 GiB total, 12,585 GiB free.
D: is FIXED (FAT32) - 10 GiB total, 7,368 GiB free.
E: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 989,553 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Contrôleur de réseau
Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_27901814&REV_00\4&23C6FC68&0&00E1
Manufacturer:
Name: Contrôleur de réseau
PNP Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_27901814&REV_00\4&23C6FC68&0&00E1
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
1&1 Connexion directe
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.3 - Français
Adobe Shockwave Player 11
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
Ask Toolbar
Assistant de connexion Windows Live
Athan Basic 3.9
µTorrent
Auto Traffic Monopoly 1.0.1
Bibliothèques GTK+ 2.14.7 rev a (supprimer uniquement)
Bit Che
BitNami WordPress Stack
Bluefish 2.0.2-1
Bonjour
Brain Workshop 4.8.1
Business Plan Pro 11.0 Sample Plans
Business Plan Pro 15th Anniversary Edition (UK)
CamSpace API
Canon LBP5200
CCleaner
Chinese Simplified Fonts Support For Adobe Reader 9
Core FTP LE 2.1
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2158563)
Correctif pour Windows XP (KB2443685)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Data Lifeguard Diagnostic for Windows 1.22
Dragon NaturallySpeaking 11
EasyBCD 2.0
emesene 2.11.5
eMule
EngInSite CSS Editor 1.2.4.321
ESET Online Scanner v3
ESWIN_USB 0.6d
FileRestorePlus™ 3.0.1.1111
FileZilla Client 3.5.0
FlashFXP v4.0
FreeMind
FreePack
Google Chrome
Google Gears
Google Update Helper
GSM SIM Utility V4.8
HammerHead Rhythm Station
Herman Programmer
HiJackThis
HomePlayer 1.5.9d
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Drive Key Boot Utility
IHMC CmapTools v5.04.02
ImgBurn
Installation Windows Live
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IrfanView (remove only)
IsoBuster 2.8
iTunes
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
JDownloader
K-Lite Codec Pack 6.5.0 (Full)
Lecteur Windows Media 11
LibreOffice 3.4
LibreOffice 3.4 Help Pack (French)
LibUSB-Win32-1.2.2.1
Ma-Config.com
Marketing Plan Pro Powered by Duct Tape Marketing
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Antimalware Service FR-FR Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Client FR-FR Language Pack
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2530548)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2121546)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2259922)
Mise à jour de sécurité pour Windows XP (KB2279986)
Mise à jour de sécurité pour Windows XP (KB2286198)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2296199)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2436673)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476490)
Mise à jour de sécurité pour Windows XP (KB2476687)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2479628)
Mise à jour de sécurité pour Windows XP (KB2479943)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485376)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2491683)
Mise à jour de sécurité pour Windows XP (KB2503658)
Mise à jour de sécurité pour Windows XP (KB2503665)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2506223)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2508272)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2511455)
Mise à jour de sécurité pour Windows XP (KB2524375)
Mise à jour de sécurité pour Windows XP (KB2535512)
Mise à jour de sécurité pour Windows XP (KB2536276)
Mise à jour de sécurité pour Windows XP (KB2544893)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950759)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB971961)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980195)
Mise à jour de sécurité pour Windows XP (KB980232)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981349)
Mise à jour de sécurité pour Windows XP (KB981852)
Mise à jour de sécurité pour Windows XP (KB981957)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982214)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour pour Microsoft Windows (KB971513)
Mise à jour pour Windows Internet Explorer 8 (KB2362765)
Mise à jour pour Windows Internet Explorer 8 (KB2447568)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows XP (KB2141007)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2467659)
Mise à jour pour Windows XP (KB2492386)
Mise à jour pour Windows XP (KB2541763)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB961503)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox 5.0 (x86 fr)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
My Herman
MyPhoneExplorer
NetBeans IDE 6.9.1
Network Stumbler 0.4.0 (remove only)
OpenOffice.org 3.3
Outil de téléchargement Windows Live
Panda ActiveScan 2.0
PerformanceTest v7.0
Pidgin
PL-2303 USB-to-Serial
PMB
PowerISO
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recuva
Sandboxie 3.50
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Skype™ 5.1
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Style Master 4.6
SUPER © Version 2010.bld.42 (Nov 7, 2010)
SuperCopier2
Synaptics Pointing Device Driver
System Control Manager
TeamViewer 6
The Print Shop 22
THE Rename 2.1.6
Thumbnailer Lite
Tidy Favorites 5.0
TightVNC 2.0.3
TradeManager 2010 Beta1
Tunatic
TweakXP Tweaking Utility 2
Ulead PhotoImpact 12
UltraCompare v8.00
UltraVnc
UndeletePlus™ 3.0.1.712
Unlocker 1.9.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB 2.0 Card Reader
Utilitaire de sauvegarde Windows
VLC media player 1.1.9
VobSub v2.23 (Remove Only)
WampServer 2.1
WebFldrs XP
WhiteBoardMeeting
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.00 beta 4 (32-bit)
WinSetupFromUSB
WordPerfect Office X3
XMind
XP Home Permissions Manager
XSensors
.
==== End Of File ===========================


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Admin at 17:19:23 on 2011-07-02
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2037.1109 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://127.0.0.1:8998
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [IBP]
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [toolbar_eula_launcher] c:\program files\googleeula\EULALauncher.exe
mRun: [atwtusb] atwtusb.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\fichie~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admin\menudm~1\progra~1\dmarra~1\_unins~1.lnk - c:\documents and settings\admin\local settings\temp\_uninst_setup_9.0.0.722_17.06.2011_01-03.exe.bat
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: Ouvrir dans WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0401
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0402
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0404
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0405
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0406
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0407
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040B
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040C
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang040D
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0410
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0413
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0415
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0416
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0418
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang041D
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0421
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0422
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0429
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0C1A
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0401
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0402
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0404
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0405
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0406
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0407
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang040B
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang040C
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang040D
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0410
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0413
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0415
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0416
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0418
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang041D
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0421
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0422
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0429
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0C1A
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {70BEC6D2-977B-43CB-9A50-424099BA3897} - c:\progra~1\fichie~1\tidyfa~1\AddToFav.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E3CB497B-E230-4445-8B34-13476822F867} - {9B0CFC24-6650-4BEE-8030-6FCAE4672685} - c:\progra~1\fichie~1\tidyfa~1\OpenFav.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216272711831
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: DhcpNameServer = 192.168.0.254
TCP: Interfaces\{896F6154-36FE-42C0-B0EC-8B17B92C52A4} : DhcpNameServer = 192.168.0.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\fichiers communs\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin\application data\mozilla\firefox\profiles\03flumxu.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4444
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\admin\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npww.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-11-20 28552]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl4495b62c;MpKsl4495b62c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8526190e-ce6a-4496-ad30-3bb6fb5a4574}\MpKsl4495b62c.sys [2011-7-2 28752]
R1 MpKsldff7768c;MpKsldff7768c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8526190e-ce6a-4496-ad30-3bb6fb5a4574}\MpKsldff7768c.sys [2011-6-30 28752]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-5-26 197224]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-10-18 124648]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2010-11-11 22528]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-14 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-26 1691480]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2011-1-13 17149]
S3 DragonSvc;Dragon Service;c:\program files\fichiers communs\nuance\dgnsvc.exe [2010-8-12 296808]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-14 136176]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.2.1;c:\windows\system32\drivers\libusb0.sys [2010-2-16 35392]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-5-1 311744]
S3 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-7-17 159744]
S3 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2010-10-4 63488]
S3 osppsvc;Office Software Protection Platform;c:\program files\fichiers communs\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-6-1 367456]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
S3 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
S3 uxddrv;Dynamically loaded UxdDrv;\??\e:\diagnose\wsteng32\2part\uxddrv86.sys --> e:\diagnose\wsteng32\2part\uxddrv86.sys [?]
.
=============== Created Last 30 ================
.
2011-07-02 14:07:30 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8526190e-ce6a-4496-ad30-3bb6fb5a4574}\MpKsl4495b62c.sys
2011-06-30 20:13:40 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8526190e-ce6a-4496-ad30-3bb6fb5a4574}\MpKsldff7768c.sys
2011-06-30 20:13:09 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8526190e-ce6a-4496-ad30-3bb6fb5a4574}\mpengine.dll
2011-06-28 21:10:45 -------- d-----w- c:\documents and settings\admin\application data\UltraVNC
2011-06-28 21:09:42 -------- d-----w- c:\program files\UltraVNC
2011-06-28 21:06:09 -------- d-----w- c:\documents and settings\admin\application data\TightVNC
2011-06-28 21:05:48 -------- d-----w- c:\program files\TightVNC
2011-06-25 11:54:11 388096 ----a-r- c:\documents and settings\admin\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-25 11:54:10 -------- d-----w- c:\program files\Trend Micro
2011-06-21 22:51:49 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-21 22:51:49 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-18 17:59:20 -------- d-----w- c:\documents and settings\admin\application data\MyPhoneExplorer
2011-06-18 17:59:00 -------- d-----w- c:\program files\MyPhoneExplorer
2011-06-18 17:43:41 -------- d-----w- C:\sim_scan
2011-06-18 17:43:27 -------- d-----w- c:\program files\GSM SIM Utility V4.8
2011-06-18 17:28:44 43264 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2011-06-18 15:08:02 -------- d-----w- c:\program files\Dekart
2011-06-18 13:57:17 -------- d-----w- c:\documents and settings\admin\application data\Serif
2011-06-18 13:53:54 -------- d-----w- c:\program files\Serif
2011-06-18 12:48:21 -------- d-----w- c:\documents and settings\admin\BitNami WordPress Stack projects
2011-06-18 12:09:58 -------- d-----w- c:\documents and settings\admin\local settings\application data\PassMark
2011-06-18 12:09:41 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2011-06-18 12:09:40 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2011-06-18 12:09:39 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-06-18 12:09:36 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-06-18 12:09:11 -------- d-----w- c:\documents and settings\all users\application data\PassMark
2011-06-18 12:09:04 -------- d-----w- c:\program files\PerformanceTest
2011-06-16 23:02:12 -------- d-----w- c:\documents and settings\admin\application data\QuickScan
2011-06-14 00:00:24 776704 ----a-w- c:\temp\UPnPTest.exe
2011-06-14 00:00:24 229376 ----a-w- c:\temp\CrashRpt.dll
2011-06-14 00:00:24 -------- d-----w- C:\temp
2011-06-11 14:44:51 -------- d-----w- c:\program files\fichiers communs\Tidy Favorites
2011-06-11 14:43:54 -------- d-----w- C:\Tidy Favorites
2011-06-11 02:29:04 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-11 02:29:04 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-06-11 02:27:00 -------- d-----w- c:\program files\iPod
2011-06-11 02:24:45 -------- d-----w- c:\documents and settings\admin\local settings\application data\Apple
2011-06-11 02:24:05 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-06-11 02:24:05 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-11 02:22:31 -------- d-----w- c:\program files\Bonjour
2011-06-11 02:22:00 -------- d-----w- c:\program files\fichiers communs\Apple
2011-06-11 02:21:06 -------- d-----w- c:\documents and settings\admin\local settings\application data\Apple Computer
2011-06-11 00:04:38 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-06-11 00:04:35 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-06-10 03:59:21 -------- d-----w- c:\documents and settings\admin\application data\LibreOffice
2011-06-10 03:52:12 -------- d-----w- c:\program files\LibreOffice 3.4
2011-06-05 19:40:05 -------- d-----w- c:\documents and settings\admin\.homeplayer
2011-06-05 19:38:56 -------- d-----w- c:\program files\HomePlayer
2011-06-04 14:13:31 -------- d-----w- c:\documents and settings\admin\application data\emesene
2011-06-04 14:11:00 -------- d-----w- c:\program files\emesene2
2011-06-03 20:00:57 -------- d-----w- C:\WinSetupFromUSB
2011-06-03 19:43:28 -------- d-----w- c:\documents and settings\admin\local settings\application data\NeoSmart_Technologies
2011-06-03 19:40:01 -------- d-----w- C:\NST
2011-06-03 19:33:35 -------- d-----w- c:\program files\NeoSmart Technologies
2011-06-02 17:43:34 -------- d-----w- c:\program files\Gyrus Solutions
2011-06-02 17:18:58 16384 ----a-w- c:\windows\chownGUI.exe
2011-06-02 16:47:18 29968 ----a-w- c:\windows\system32\Rshx32_5.dll
2011-06-02 16:47:18 242448 ----a-w- c:\windows\system32\scedll.dll
2011-06-02 16:47:10 49936 ----a-w- c:\windows\system32\SeCEdit.exe
2011-06-02 16:47:09 384784 ----a-w- c:\windows\system32\wsecedit.dll
.
==================== Find3M ====================
.
2011-06-21 20:08:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 16:22:49 84028 ----a-w- c:\windows\system32\drivers\AFS2K.SYS
2011-05-04 16:31:04 295528 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2011-05-04 02:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 00:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-03 14:33:46 6404712 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:26 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:06:11 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06:10 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06:10 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-20 12:19:22 272208 ----a-w- c:\windows\system32\WPPFilt.dll
2011-04-15 13:48:20 56936 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-04-14 11:36:24 20053608 ----a-w- c:\windows\RTHDCPL.EXE
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 17:20:46,14 ===============



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xA2527000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 6668288 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xB8D52000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Noyau et système NT)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0x9BF76000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
0xB9E6E000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9DAA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB8C03000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9C074000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8B5A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9C17F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9B9A5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF47A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB8CCF000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 290816 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0x9BB4D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8C74000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0x9C1EB000 C:\WINDOWS\System32\Drivers\RtsUStor.sys 204800 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0x9BE38000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D7D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0x9AF04000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9C0E4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8D16000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9C157000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9C23D000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x9C131000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9C050000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA2503000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8CAB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8BB8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C10F000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9BF2D000 C:\Program Files\Sandboxie\SbieDrv.sys 135168 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E4E000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F48000 ftdisk.sys 126976 bytes (Microsoft Corporation, Pilote de disque à FT)
0xB9D63000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E37000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8BEC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9BDFB000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8D3E000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9C1D8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0xB8BDB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0x9B755000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA3054000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9C446000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0x9D805000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x9D7F5000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 57344 bytes (Oak Technology Inc., Audio File System)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Pilote de port i8042)
0x9C9D1000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA208000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9C9A1000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Pilote de cryptographie FIPS)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Pilote de périphérique processeur)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, Pilote de bus PNP ISA)
0xB92F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9B04F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9B152000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA238000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9C9F1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9CA01000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9C6DD000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9C6F5000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA430000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0xBA490000 C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys 28672 bytes
0x9CB7C000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Pilote de la classe Souris)
0xBA388000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8526190E-CE6A-4496-AD30-3BB6FB5A4574}\MpKsl4495b62c.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0x9C6C5000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8526190E-CE6A-4496-AD30-3BB6FB5A4574}\MpKsldff7768c.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xBA330000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xBA420000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x9C6ED000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x9C6E5000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA448000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA450000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA2F0B000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA589F000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9BF72000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, Pilote de contrôleur intégré ACPI)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA5AB5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9B0BE000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9B0BA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9CA35000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x9C8E1000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0x9C8E3000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9C8DF000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0x9C8DD000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA606000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA604000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA742000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA2CA5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7E5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2011 - 05:58 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 05 July 2011 - 01:30 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 08 July 2011 - 03:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 07:02 AM

I have reopened the topic for you - send me the report when ready


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#8 User is offline   P. TATA 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 25-June 11

Posted 10 July 2011 - 09:37 AM

Hi Gringo

I'm afraid Combofix scan is hangs after the reboot. Even after hours I get nothing after the scanning warning.

#9 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 11:39 AM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.


after combofix has finished its scan please post the report back here.

Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#10 User is offline   P. TATA 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 25-June 11

Posted 10 July 2011 - 01:42 PM

In safe mode, the computer is shutting down at step 3 of Combofix.
I think the computer is too hot when scanning in safe mode.

Follow up : I've put the computer in a cool place, but it is stuck in the report generating step in safe mode too

This post has been edited by P. TATA: 10 July 2011 - 04:36 PM

#11 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2011 - 09:21 PM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#12 User is offline   P. TATA 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 25-June 11

Posted 11 July 2011 - 06:22 AM

Hi, thank you for your suggestion.
Here is the report.

2011/07/11 13:18:47.0140 1208 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 13:18:47.0218 1208 ================================================================================
2011/07/11 13:18:47.0218 1208 SystemInfo:
2011/07/11 13:18:47.0218 1208
2011/07/11 13:18:47.0218 1208 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/11 13:18:47.0218 1208 Product type: Workstation
2011/07/11 13:18:47.0218 1208 ComputerName: OWNER-F4C347AC1
2011/07/11 13:18:47.0218 1208 UserName: Admin
2011/07/11 13:18:47.0218 1208 Windows directory: C:\WINDOWS
2011/07/11 13:18:47.0218 1208 System windows directory: C:\WINDOWS
2011/07/11 13:18:47.0218 1208 Processor architecture: Intel x86
2011/07/11 13:18:47.0218 1208 Number of processors: 2
2011/07/11 13:18:47.0218 1208 Page size: 0x1000
2011/07/11 13:18:47.0218 1208 Boot type: Safe boot
2011/07/11 13:18:47.0218 1208 ================================================================================
2011/07/11 13:18:49.0125 1208 Initialize success
2011/07/11 13:18:53.0453 1232 ================================================================================
2011/07/11 13:18:53.0453 1232 Scan started
2011/07/11 13:18:53.0453 1232 Mode: Manual;
2011/07/11 13:18:53.0453 1232 ================================================================================
2011/07/11 13:18:53.0906 1232 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/11 13:18:53.0984 1232 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/11 13:18:54.0109 1232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/11 13:18:54.0250 1232 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/11 13:18:54.0359 1232 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/11 13:18:54.0421 1232 AFS2K (bc812c77f8a24370fd0512f0ff4967f8) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/07/11 13:18:54.0625 1232 aiptektp (14a9ba653838164a2ae148e362640197) C:\WINDOWS\system32\DRIVERS\aiptektp.sys
2011/07/11 13:18:54.0875 1232 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/07/11 13:18:55.0406 1232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/11 13:18:55.0484 1232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/07/11 13:18:55.0609 1232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/11 13:18:55.0703 1232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/11 13:18:55.0781 1232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/11 13:18:56.0078 1232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/11 13:18:56.0125 1232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/11 13:18:56.0250 1232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/11 13:18:56.0343 1232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/11 13:18:56.0421 1232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/11 13:18:56.0593 1232 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/11 13:18:56.0703 1232 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/11 13:18:57.0046 1232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/11 13:18:57.0171 1232 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/11 13:18:57.0250 1232 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/11 13:18:57.0312 1232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/11 13:18:57.0421 1232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/11 13:18:57.0515 1232 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
2011/07/11 13:18:57.0843 1232 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
2011/07/11 13:18:57.0906 1232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/11 13:18:58.0062 1232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/11 13:18:58.0171 1232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/11 13:18:58.0218 1232 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/11 13:18:58.0281 1232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/11 13:18:58.0359 1232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/11 13:18:58.0453 1232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/11 13:18:58.0515 1232 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/11 13:18:58.0625 1232 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/11 13:18:58.0687 1232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/11 13:18:58.0812 1232 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/11 13:18:58.0921 1232 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/11 13:18:59.0093 1232 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/11 13:18:59.0296 1232 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/11 13:18:59.0578 1232 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/11 13:18:59.0843 1232 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/07/11 13:18:59.0937 1232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/11 13:19:00.0312 1232 IntcAzAudAddService (4716f7ee8fb7fd02596ece1ec70aff53) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/11 13:19:00.0609 1232 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/11 13:19:00.0671 1232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/11 13:19:00.0734 1232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/11 13:19:00.0796 1232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/11 13:19:00.0890 1232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/11 13:19:00.0984 1232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/11 13:19:01.0046 1232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/11 13:19:01.0140 1232 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/11 13:19:01.0234 1232 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/11 13:19:01.0312 1232 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/11 13:19:01.0406 1232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/11 13:19:01.0468 1232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/11 13:19:01.0656 1232 libusb0 (05168d7d29cecf113bf7503a44241f2a) C:\WINDOWS\system32\DRIVERS\libusb0.sys
2011/07/11 13:19:01.0812 1232 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/07/11 13:19:01.0906 1232 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/11 13:19:01.0984 1232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/11 13:19:02.0093 1232 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/11 13:19:02.0218 1232 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/07/11 13:19:02.0359 1232 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/11 13:19:02.0437 1232 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/11 13:19:02.0500 1232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/11 13:19:02.0578 1232 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/07/11 13:19:02.0703 1232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/11 13:19:02.0796 1232 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/11 13:19:02.0890 1232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/11 13:19:03.0000 1232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/11 13:19:03.0078 1232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/11 13:19:03.0140 1232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/11 13:19:03.0218 1232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/11 13:19:03.0265 1232 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/11 13:19:03.0328 1232 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/11 13:19:03.0390 1232 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/11 13:19:03.0500 1232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/11 13:19:03.0546 1232 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/11 13:19:03.0640 1232 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/11 13:19:03.0703 1232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/11 13:19:03.0750 1232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/11 13:19:03.0828 1232 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/11 13:19:03.0890 1232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/11 13:19:03.0953 1232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/11 13:19:04.0171 1232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/11 13:19:04.0265 1232 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS
2011/07/11 13:19:04.0359 1232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/11 13:19:04.0468 1232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/11 13:19:04.0546 1232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/11 13:19:04.0593 1232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/11 13:19:04.0703 1232 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/11 13:19:04.0781 1232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/11 13:19:04.0843 1232 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/11 13:19:04.0921 1232 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/07/11 13:19:04.0984 1232 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/11 13:19:05.0171 1232 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/11 13:19:05.0718 1232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/11 13:19:05.0859 1232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/11 13:19:05.0921 1232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/11 13:19:06.0203 1232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/11 13:19:06.0296 1232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/11 13:19:06.0375 1232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/11 13:19:06.0437 1232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/11 13:19:06.0546 1232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/11 13:19:06.0625 1232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/11 13:19:06.0765 1232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/11 13:19:06.0843 1232 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/11 13:19:06.0984 1232 RSUSBSTOR (247b0a8164069cd4fe6f3094c581b13b) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2011/07/11 13:19:07.0171 1232 RTLE8023xp (6fd9c99f0b8617122ae27392ab1b3059) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/07/11 13:19:07.0312 1232 SbieDrv (0e37b22d506d09f349885049db34f0dc) C:\Program Files\Sandboxie\SbieDrv.sys
2011/07/11 13:19:07.0437 1232 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys
2011/07/11 13:19:07.0546 1232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/11 13:19:07.0671 1232 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/07/11 13:19:07.0765 1232 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/11 13:19:07.0843 1232 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/11 13:19:07.0953 1232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/11 13:19:08.0125 1232 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/11 13:19:08.0281 1232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/11 13:19:08.0375 1232 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/11 13:19:08.0484 1232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/11 13:19:08.0578 1232 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/11 13:19:08.0656 1232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/11 13:19:08.0718 1232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/11 13:19:09.0046 1232 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/11 13:19:09.0109 1232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/11 13:19:09.0218 1232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/11 13:19:09.0312 1232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/11 13:19:09.0359 1232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/11 13:19:09.0468 1232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/11 13:19:09.0718 1232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/11 13:19:09.0859 1232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/11 13:19:10.0015 1232 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/11 13:19:10.0078 1232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/11 13:19:10.0140 1232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/11 13:19:10.0250 1232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/11 13:19:10.0343 1232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/11 13:19:10.0421 1232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/11 13:19:10.0500 1232 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
2011/07/11 13:19:10.0562 1232 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/11 13:19:10.0625 1232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/11 13:19:10.0718 1232 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/11 13:19:10.0843 1232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/11 13:19:11.0046 1232 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/11 13:19:11.0218 1232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/11 13:19:11.0328 1232 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/07/11 13:19:11.0453 1232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/11 13:19:11.0671 1232 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/07/11 13:19:11.0859 1232 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/11 13:19:11.0921 1232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/11 13:19:12.0000 1232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/11 13:19:12.0171 1232 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/11 13:19:12.0218 1232 MBR (0x1B8) (23b571400a29918f5392f6e85eeb756e) \Device\Harddisk1\DR3
2011/07/11 13:19:12.0296 1232 Boot (0x1200) (1f7e81384778d9ecc4b9bf03ae31d62e) \Device\Harddisk0\DR0\Partition0
2011/07/11 13:19:12.0375 1232 Boot (0x1200) (dd9874ffc14bd71a50e642f40d28781a) \Device\Harddisk0\DR0\Partition1
2011/07/11 13:19:12.0421 1232 Boot (0x1200) (3522d64422e819ea22e343bd816c31c4) \Device\Harddisk1\DR3\Partition0
2011/07/11 13:19:12.0453 1232 ================================================================================
2011/07/11 13:19:12.0453 1232 Scan finished
2011/07/11 13:19:12.0453 1232 ================================================================================
2011/07/11 13:19:12.0500 1224 Detected object count: 0
2011/07/11 13:19:12.0515 1224 Actual detected object count: 0

#13 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 11 July 2011 - 07:09 AM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#14 User is offline   P. TATA 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 11
  • Joined: 25-June 11

Posted 11 July 2011 - 05:46 PM

hi,

here is it

OTL logfile created on: 12/07/2011 00:09:10 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 70,04% Memory free
4,28 Gb Paging File | 3,80 Gb Available in Paging File | 88,84% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64,83 Gb Total Space | 13,07 Gb Free Space | 20,15% Space Free | Partition Type: NTFS
Drive D: | 9,69 Gb Total Space | 7,36 Gb Free Space | 76,01% Space Free | Partition Type: FAT32
Drive E: | 987,59 Mb Total Space | 11,08 Mb Free Space | 1,12% Space Free | Partition Type: FAT32

Computer Name: OWNER| User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\CNAC3RPK.EXE (CANON INC.)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ATWTUSB.EXE ()
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)


========== Modules (SafeList) ==========

MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe (Apache Software Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (DragonSvc) -- C:\Program Files\Fichiers communs\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (osppsvc) -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (aiptektp) -- C:\WINDOWS\system32\drivers\aiptektp.sys (WALTOP International Corp.)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1:8998
IE - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TF = about:blank
IE - HKU\S-1-5-21-2712906358-677957095-463043899-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2712906358-677957095-463043899-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.8
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1.1
FF - prefs.js..extensions.enabledItems: jsdeobfuscator@adblockplus.org:1.5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: multilinks@plugin:3.0.0.16
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: alldebrid@alldebrid.com:3.1.1
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.2.8
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 4444
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011/05/14 21:37:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 00:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/11 04:26:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Admin\Application Data\IDM\idmmzcc3
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

[2011/05/20 20:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011/05/20 20:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/07/02 17:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions
[2011/05/13 22:49:24 | 000,000,000 | ---D | M] (Leak Monitor) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\{1ed6b678-1f93-4660-a9c5-01af87b323d3}
[2011/01/19 23:17:17 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/06/22 00:51:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/09 12:56:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/06/17 00:55:53 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/03/28 22:27:59 | 000,000,000 | ---D | M] (Alldebrid) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\alldebrid@alldebrid.com
[2011/03/12 17:03:17 | 000,000,000 | ---D | M] (Element Hiding Helper for Adblock Plus) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\elemhidehelper@adblockplus.org
[2011/06/23 11:54:00 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\formhistory@yahoo.com
[2011/03/19 23:06:13 | 000,000,000 | ---D | M] (Multi Links) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\multilinks@plugin
[2011/01/29 15:10:01 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\toolbar@ask.com
[2011/06/26 13:42:00 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\03flumxu.default\extensions\TooManyTabs@visibotech.com
[2011/06/11 16:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions
[2009/12/05 15:20:28 | 000,000,000 | ---D | M] (Leak Monitor) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{1ed6b678-1f93-4660-a9c5-01af87b323d3}
[2009/11/29 18:31:10 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010/01/11 06:02:02 | 000,000,000 | ---D | M] (Unhide Passwords) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2009/07/26 15:39:46 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/19 23:37:11 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/11 06:01:54 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2009/11/29 18:31:11 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2009/12/16 01:37:29 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/08/18 22:36:44 | 000,000,000 | ---D | M] (Facebook Ads Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{90efa89d-c0b3-3344-bd46-7572ba3787f1}
[2011/06/11 16:45:02 | 000,000,000 | ---D | M] (Tidy Favorites) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{9CD56302-43D2-49AA-8C0A-1FB303186E88}
[2009/07/01 16:42:29 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009/11/29 18:31:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/01 16:42:27 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/02/24 21:37:35 | 000,000,000 | ---D | M] (JSView) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
[2009/11/19 23:47:24 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/14 09:25:24 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/12/02 21:07:22 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\afom@idevfh
[2010/01/11 06:01:53 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\autopager@mozilla.org
[2008/11/01 21:48:50 | 000,000,000 | ---D | M] ("China Channel") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\china_channel@artzilla.org
[2009/12/02 21:07:22 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\FasterFox_Lite@BigRedBrent
[2009/11/19 23:47:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\firebug@software.joehewitt.com
[2009/12/05 15:20:29 | 000,000,000 | ---D | M] (myibay Firefox extension) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\firefox1@myibay.com
[2009/07/04 13:36:48 | 000,000,000 | ---D | M] (GetMyAuction Search Toolbar for eBay) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\firefox-toolbar@getmyauction.com
[2010/01/14 09:25:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\foxyproxy@eric.h.jung
[2010/01/14 09:25:15 | 000,000,000 | ---D | M] (WebMail Ad Blocker) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\gmailnoads@mywebber.com
[2008/11/21 01:15:20 | 000,000,000 | ---D | M] (Hide All Toolbars) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\hidealltoolbars@craig.lawson
[2009/07/01 16:42:24 | 000,000,000 | ---D | M] (Aspator) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\HQ_IP@astri.org
[2009/09/03 02:09:50 | 000,000,000 | ---D | M] ("Illimitux") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\illimitux@illimitux.net
[2009/07/16 16:45:56 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\linkalert.conlan@addons.mozilla.com
[2009/10/16 16:49:57 | 000,000,000 | ---D | M] (QuickToolbars) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\quick@toolbars.be
[2009/12/02 21:07:22 | 000,000,000 | ---D | M] (RAMBack) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\ramback@pavlov.net
[2009/11/23 12:32:43 | 000,000,000 | ---D | M] (Shorten URL) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\ShortenURL@loucypher
[2010/01/11 06:02:01 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\SQLiteManager@mrinalkant.blogspot.com
[2011/01/19 23:37:11 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\1lowlthc.one\extensions\TooManyTabs@visibotech.com
[2011/06/11 16:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (Leak Monitor) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{1ed6b678-1f93-4660-a9c5-01af87b323d3}
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (Unhide Passwords) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/01/20 01:01:35 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011/01/20 01:01:35 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/01/20 01:01:35 | 000,000,000 | ---D | M] (Facebook Ads Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{90efa89d-c0b3-3344-bd46-7572ba3787f1}
[2011/06/11 16:45:03 | 000,000,000 | ---D | M] (Tidy Favorites) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{9CD56302-43D2-49AA-8C0A-1FB303186E88}
[2011/01/20 01:01:35 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011/01/20 01:01:35 | 000,000,000 | ---D | M] (RSFind! Mod) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}
[2011/01/20 01:01:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/20 01:01:36 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/20 01:01:36 | 000,000,000 | ---D | M] (JSView) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
[2011/01/20 01:01:37 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/01/20 01:01:37 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2011/01/20 01:01:37 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/20 01:01:37 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/20 01:01:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/01/20 01:01:31 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\afom@idevfh
[2011/01/20 01:01:31 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\autopager@mozilla.org
[2011/01/20 01:01:31 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\checkplaces@andyhalford.com
[2011/01/20 01:01:31 | 000,000,000 | ---D | M] ("China Channel") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\china_channel@artzilla.org
[2011/01/20 01:01:31 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\FasterFox_Lite@BigRedBrent
[2011/01/20 01:01:32 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\firebug@software.joehewitt.com
[2011/01/20 01:01:32 | 000,000,000 | ---D | M] (Myibay Firefox extension) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\firefox1@myibay.com
[2011/01/20 01:01:32 | 000,000,000 | ---D | M] (GetMyAuction Search Toolbar for eBay) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\firefox-toolbar@getmyauction.com
[2011/01/20 01:01:32 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\formhistory@yahoo.com
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\foxyproxy@eric.h.jung
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (Webmail Ad Blocker) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\gmailnoads@mywebber.com
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (Hide All Toolbars) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\hidealltoolbars@craig.lawson
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (Aspator) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\HQ_IP@astri.org
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] ("Illimitux") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\illimitux@illimitux.net
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\linkalert.conlan@addons.mozilla.com
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (QuickToolbars) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\quick@toolbars.be
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (RAMBack) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\ramback@pavlov.net
[2011/01/20 01:01:33 | 000,000,000 | ---D | M] (Real-Debrid Plugin) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\real@debrid
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (refspoof) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\refspoof@mozdev.org
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (Shorten URL) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\ShortenURL@loucypher
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\SkipScreen@SkipScreen
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\SQLiteManager@mrinalkant.blogspot.com
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\support@auto-hide-ip.com
[2011/01/20 01:01:34 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre\extensions\TooManyTabs@visibotech.com
[2011/01/20 00:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre2\extensions
[2011/01/20 00:52:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\febeprof.septembre2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/11 16:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (Leak Monitor) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{1ed6b678-1f93-4660-a9c5-01af87b323d3}
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] ("GoogleEnhancer") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (Unhide Passwords) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (Facebook Ads Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{90efa89d-c0b3-3344-bd46-7572ba3787f1}
[2011/06/11 16:45:03 | 000,000,000 | ---D | M] (Tidy Favorites) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{9CD56302-43D2-49AA-8C0A-1FB303186E88}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011/01/19 23:57:56 | 000,000,000 | ---D | M] (RSFind! Mod) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}
[2011/01/19 23:57:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/19 23:57:57 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/19 23:57:57 | 000,000,000 | ---D | M] (JSView) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}
[2011/01/19 23:57:57 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011/01/19 23:57:58 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2011/01/19 23:57:59 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/01/19 23:57:59 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/19 23:57:59 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/01/19 23:57:48 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\afom@idevfh
[2011/01/19 23:57:48 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\autopager@mozilla.org
[2011/01/19 23:57:48 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\checkplaces@andyhalford.com
[2011/01/19 23:57:49 | 000,000,000 | ---D | M] ("China Channel") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\china_channel@artzilla.org
[2011/01/19 23:57:49 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\FasterFox_Lite@BigRedBrent
[2011/01/19 23:57:51 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\firebug@software.joehewitt.com
[2011/01/19 23:57:51 | 000,000,000 | ---D | M] (Myibay Firefox extension) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\firefox1@myibay.com
[2011/01/19 23:57:51 | 000,000,000 | ---D | M] (GetMyAuction Search Toolbar for eBay) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\firefox-toolbar@getmyauction.com
[2011/01/19 23:57:51 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\formhistory@yahoo.com
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\foxyproxy@eric.h.jung
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (Webmail Ad Blocker) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\gmailnoads@mywebber.com
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (Hide All Toolbars) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\hidealltoolbars@craig.lawson
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (Aspator) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\HQ_IP@astri.org
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] ("Illimitux") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\illimitux@illimitux.net
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\linkalert.conlan@addons.mozilla.com
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (QuickToolbars) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\quick@toolbars.be
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (RAMBack) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\ramback@pavlov.net
[2011/01/19 23:57:53 | 000,000,000 | ---D | M] (Real-Debrid Plugin) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\real@debrid
[2011/01/19 23:57:54 | 000,000,000 | ---D | M] (refspoof) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\refspoof@mozdev.org
[2011/01/19 23:57:54 | 000,000,000 | ---D | M] (Shorten URL) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\ShortenURL@loucypher
[2011/01/19 23:57:54 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\SkipScreen@SkipScreen
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (SQLite Manager) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\SQLiteManager@mrinalkant.blogspot.com
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (Auto Hide IP) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\support@auto-hide-ip.com
[2011/01/19 23:57:55 | 000,000,000 | ---D | M] (TooManyTabs) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\profileFx3.two\extensions\TooManyTabs@visibotech.com
[2011/06/23 01:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\u4oq2pqu.light\extensions
[2011/01/19 23:55:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\u4oq2pqu.light\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/10 00:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 13:06:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 17:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/10 15:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/10 00:58:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\03FLUMXU.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\03FLUMXU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\03FLUMXU.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\03FLUMXU.DEFAULT\EXTENSIONS\MEMORYRESTART@TEAMEXTENSION.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\03FLUMXU.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2010/12/02 13:05:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/30 03:20:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/22 00:51:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/13 11:37:24 | 000,112,024 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/07/03 01:29:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2712906358-677957095-463043899-1007..\Run: [IBP] File not found
O4 - HKU\S-1-5-21-2712906358-677957095-463043899-1007..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\_uninst_setup_9.0.0.722_17.06.2011_01-03.exe.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Add to Favorites - {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - C:\Program Files\Fichiers communs\Tidy Favorites\AddToFav.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Open Tidy Favorites - {E3CB497B-E230-4445-8B34-13476822F867} - C:\Program Files\Fichiers communs\Tidy Favorites\OpenFav.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216272711831 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/17 05:37:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/28 01:28:24 | 000,000,145 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 00:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/07/11 00:13:23 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/11 00:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/07/11 00:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/11 00:13:19 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/11 00:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/10 23:05:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/07/10 22:53:50 | 000,000,000 | ---D | C] -- C:\Combo-Fix17880C
[2011/07/10 22:16:13 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2011/07/10 22:16:13 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2011/07/10 22:16:13 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2011/07/10 22:16:13 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2011/07/10 22:16:13 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2011/07/10 22:16:13 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2011/07/10 22:16:13 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2011/07/10 22:16:13 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2011/07/10 22:16:13 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2011/07/10 21:50:15 | 000,000,000 | ---D | C] -- C:\Combo-Fix23570C
[2011/07/10 21:18:38 | 000,000,000 | ---D | C] -- C:\Combo-Fix12583C
[2011/07/10 21:17:44 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2011/07/10 21:17:18 | 004,138,980 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Bureau\Combo-Fix.exe
[2011/07/10 20:38:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/06 17:36:48 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Bureau\TDSSKiller.exe
[2011/07/03 01:13:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/03 01:11:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/03 01:11:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/03 01:11:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/03 01:11:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/03 01:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/03 01:11:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/02 18:18:00 | 000,509,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Bureau\winsdk_web.exe
[2011/07/02 17:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Bureau\bleeping logs
[2011/07/02 17:19:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Outils d'administration
[2011/07/02 17:18:12 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Bureau\dds.scr
[2011/06/29 14:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\cdiscount
[2011/06/28 23:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\UltraVNC
[2011/06/28 23:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\UltraVNC
[2011/06/28 23:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2011/06/28 23:07:26 | 002,291,768 | ---- | C] (uvnc bvba ) -- C:\Documents and Settings\Admin\Bureau\UltraVNC_1.0.9.6.1_Setup.exe
[2011/06/28 23:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\TightVNC
[2011/06/28 23:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TightVNC viewer
[2011/06/28 23:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2011/06/28 23:05:07 | 000,661,888 | ---- | C] (GlavSoft LLC.) -- C:\Documents and Settings\Admin\Bureau\tightvnc-2.0.3-setup.exe
[2011/06/25 13:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/25 13:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Menu Démarrer\Programmes\HiJackThis
[2011/06/25 13:26:00 | 004,130,503 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Bureau\ComboFix.exe
[2011/06/25 13:23:26 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTL.exe
[2011/06/19 11:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\tuto_ubuntu
[2011/06/19 11:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\photo_imprimees
[2011/06/19 11:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\hirens_bcd
[2011/06/18 19:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\MyPhoneExplorer
[2011/06/18 19:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MyPhoneExplorer
[2011/06/18 19:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2011/06/18 19:43:41 | 000,000,000 | ---D | C] -- C:\sim_scan
[2011/06/18 19:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GSM SIM Utility V4.8
[2011/06/18 19:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\GSM SIM Utility V4.8
[2011/06/18 19:28:44 | 000,043,264 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
[2011/06/18 19:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PL-2303 USB-Serial Driver
[2011/06/18 17:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\simmax48
[2011/06/18 17:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dekart
[2011/06/18 17:05:33 | 001,351,280 | ---- | C] (Dekart) -- C:\Documents and Settings\Admin\Bureau\SIMReader.exe
[2011/06/18 15:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Serif
[2011/06/18 15:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Serif Applications
[2011/06/18 15:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Serif
[2011/06/18 14:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\BitNami WordPress Stack projects
[2011/06/18 14:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\PassMark
[2011/06/18 14:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\PassMark
[2011/06/18 14:09:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2011/06/18 14:09:40 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2011/06/18 14:09:39 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2011/06/18 14:09:36 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2011/06/18 14:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PerformanceTest
[2011/06/18 14:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/06/18 14:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2011/06/18 14:07:48 | 012,242,992 | ---- | C] (Passmark Software ) -- C:\Documents and Settings\Admin\Bureau\petst.exe
[2011/06/17 19:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\BitNami WordPress Stack
[2011/06/17 01:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2011/06/17 00:48:51 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Admin\Bureau\esetsmartinstaller_enu.exe
[2011/06/17 00:46:55 | 098,679,840 | ---- | C] ( ) -- C:\Documents and Settings\Admin\Bureau\setup_9.0.0.722_17.06.2011_01-03.exe
[2011/06/17 00:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\Téléchargements
[2011/06/16 14:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\SpringBoard - Jesse Feinberg
[2011/06/15 16:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Bureau\__ files in desktop
[2011/06/15 16:26:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/06/15 16:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
[2011/06/15 16:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Menu Démarrer\Programmes\WinRAR
[2011/06/15 16:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Bureau\SNES9X
[2011/06/14 02:00:24 | 000,000,000 | ---D | C] -- C:\temp
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/12 00:04:36 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/12 00:04:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/12 00:04:23 | 2136,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/11 08:44:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/11 08:28:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2712906358-677957095-463043899-1007UA.job
[2011/07/11 00:13:23 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/07/10 22:16:40 | 000,003,984 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2011/07/10 21:18:20 | 004,138,980 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Bureau\Combo-Fix.exe
[2011/07/08 16:30:33 | 000,022,163 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\peter pan.odt
[2011/07/07 13:28:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2712906358-677957095-463043899-1007Core.job
[2011/07/06 17:51:35 | 000,236,032 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 12:12:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 01:29:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/03 01:13:34 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2011/07/03 01:10:35 | 004,130,503 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Bureau\ComboFix.exe
[2011/07/02 18:22:27 | 001,324,862 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\ProcessMonitor.zip
[2011/07/02 18:21:32 | 000,171,042 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\ListDlls.zip
[2011/07/02 18:18:08 | 000,509,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\Bureau\winsdk_web.exe
[2011/07/02 18:17:52 | 000,292,422 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\DebugView.zip
[2011/07/02 18:13:46 | 001,546,851 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\ProcessExplorer.zip
[2011/07/02 17:23:26 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\RKUnhookerLE.EXE
[2011/07/02 17:18:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable
[2011/07/02 17:18:26 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Bureau\dds.scr
[2011/07/02 17:18:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\Defogger.exe
[2011/07/02 16:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/01 18:46:24 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admin\Bureau\TDSSKiller.exe
[2011/06/30 11:59:10 | 000,247,491 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\New1842Mer29-1.jpg
[2011/06/29 20:14:43 | 006,438,605 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\e.s._posthumus___nara.mp3
[2011/06/29 17:17:38 | 000,345,018 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\7AB1Bd01.pdf
[2011/06/29 02:50:48 | 001,553,083 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\Chicken-2.1.1.dmg
[2011/06/29 02:47:35 | 001,288,772 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\cotvnc-20b4.dmg
[2011/06/28 23:09:49 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\UltraVNC Viewer.lnk
[2011/06/28 23:07:57 | 002,291,768 | ---- | M] (uvnc bvba ) -- C:\Documents and Settings\Admin\Bureau\UltraVNC_1.0.9.6.1_Setup.exe
[2011/06/28 23:05:12 | 000,661,888 | ---- | M] (GlavSoft LLC.) -- C:\Documents and Settings\Admin\Bureau\tightvnc-2.0.3-setup.exe
[2011/06/28 22:24:56 | 000,229,567 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\priere du prophete.PDF
[2011/06/28 18:39:53 | 000,007,358 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\icon_animated_prog_dkgy_42wx42h.gif
[2011/06/28 15:09:38 | 000,039,934 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\3d-pacman-hothead-kitchen-gadget-2.jpg
[2011/06/28 15:09:28 | 000,029,886 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\PotGrabber.jpg
[2011/06/26 13:44:25 | 000,186,318 | R--- | M] () -- C:\Documents and Settings\Admin\Mes documents\PK Touches.pdf
[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/25 14:19:57 | 000,040,212 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\log_files.zip
[2011/06/25 13:54:10 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\HiJackThis.lnk
[2011/06/25 13:53:56 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\HiJackThis.msi
[2011/06/25 13:24:30 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\gmer.zip
[2011/06/25 13:23:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTL.exe
[2011/06/21 22:08:59 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/21 20:56:21 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Admin\.recently-used.xbel
[2011/06/20 19:48:29 | 000,515,162 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/06/20 19:48:29 | 000,445,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/20 19:48:29 | 000,087,514 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/06/20 19:48:29 | 000,073,424 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/20 14:00:15 | 000,001,667 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\FileZilla Client.lnk
[2011/06/18 19:59:10 | 000,001,752 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MyPhoneExplorer.lnk
[2011/06/18 19:58:03 | 004,259,472 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\MyPhoneExplorer_Setup_1.8.1.exe
[2011/06/18 19:43:35 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SIM Scanner.lnk
[2011/06/18 19:43:35 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\SIM Editor.lnk
[2011/06/18 19:32:27 | 001,348,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/18 17:05:40 | 001,351,280 | ---- | M] (Dekart) -- C:\Documents and Settings\Admin\Bureau\SIMReader.exe
[2011/06/18 15:54:36 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers WebSite X5 v8 - Evolution.exe.lnk
[2011/06/18 14:35:08 | 000,001,048 | ---- | M] () -- C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\_uninst_setup_9.0.0.722_17.06.2011_01-03.exe.lnk
[2011/06/18 14:08:49 | 012,242,992 | ---- | M] (Passmark Software ) -- C:\Documents and Settings\Admin\Bureau\petst.exe
[2011/06/17 00:55:09 | 098,679,840 | ---- | M] ( ) -- C:\Documents and Settings\Admin\Bureau\setup_9.0.0.722_17.06.2011_01-03.exe
[2011/06/17 00:49:24 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Admin\Bureau\esetsmartinstaller_enu.exe
[2011/06/16 23:43:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 01:21:47 | 000,209,088 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\WP3.0-ERD.png
[2011/06/14 01:54:20 | 000,476,018 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\UPnPTest.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 00:04:23 | 2136,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/11 00:13:23 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/07/10 22:16:40 | 000,003,984 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2011/07/10 22:16:13 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2011/07/10 22:16:13 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2011/07/10 22:16:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2011/07/08 16:30:31 | 000,022,163 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\peter pan.odt
[2011/07/03 01:13:34 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2011/07/03 01:13:28 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/07/03 01:11:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/03 01:11:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/03 01:11:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/03 01:11:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/03 01:11:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/02 18:22:24 | 001,324,862 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\ProcessMonitor.zip
[2011/07/02 18:21:25 | 000,171,042 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\ListDlls.zip
[2011/07/02 18:17:49 | 000,292,422 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\DebugView.zip
[2011/07/02 18:13:39 | 001,546,851 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\ProcessExplorer.zip
[2011/07/02 17:23:03 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\RKUnhookerLE.EXE
[2011/07/02 17:18:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable
[2011/07/02 17:18:00 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\Defogger.exe
[2011/06/30 11:59:08 | 000,247,491 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\New1842Mer29-1.jpg
[2011/06/29 20:14:20 | 006,438,605 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\e.s._posthumus___nara.mp3
[2011/06/29 17:17:52 | 000,345,018 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\7AB1Bd01.pdf
[2011/06/29 03:54:57 | 150,074,070 | ---- | C] () -- C:\Documents and Settings\Admin\Mes documents\t11_CK_Fancyband.mov
[2011/06/29 02:50:31 | 001,553,083 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\Chicken-2.1.1.dmg
[2011/06/29 02:47:14 | 001,288,772 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\cotvnc-20b4.dmg
[2011/06/28 23:09:48 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\UltraVNC Viewer.lnk
[2011/06/28 22:25:21 | 000,229,567 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\priere du prophete.PDF
[2011/06/28 18:39:51 | 000,007,358 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\icon_animated_prog_dkgy_42wx42h.gif
[2011/06/28 17:08:10 | 000,008,701 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\CARTE CDISCOUNT é.php
[2011/06/28 17:07:44 | 002,120,332 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\CONTRAT CDISCOUNT.pdf
[2011/06/28 17:03:55 | 000,012,975 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\CARTE CDISCOUNT.htm
[2011/06/28 15:09:36 | 000,039,934 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\3d-pacman-hothead-kitchen-gadget-2.jpg
[2011/06/28 15:09:21 | 000,029,886 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\PotGrabber.jpg
[2011/06/26 13:44:51 | 000,186,318 | R--- | C] () -- C:\Documents and Settings\Admin\Mes documents\PK Touches.pdf
[2011/06/26 13:35:57 | 000,025,061 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\courtage-en-travaux-0 (1).gif
[2011/06/25 14:19:57 | 000,040,212 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\log_files.zip
[2011/06/25 13:54:10 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\HiJackThis.lnk
[2011/06/25 13:53:56 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\HiJackThis.msi
[2011/06/25 13:32:40 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\drgrghjer.exe
[2011/06/25 13:24:27 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\gmer.zip
[2011/06/21 20:56:21 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Admin\.recently-used.xbel
[2011/06/20 14:00:15 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\FileZilla Client.lnk
[2011/06/18 19:59:10 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MyPhoneExplorer.lnk
[2011/06/18 19:57:50 | 004,259,472 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\MyPhoneExplorer_Setup_1.8.1.exe
[2011/06/18 19:43:35 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\SIM Scanner.lnk
[2011/06/18 19:43:35 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\SIM Editor.lnk
[2011/06/18 15:56:22 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Serif WebPlus X5.lnk
[2011/06/18 15:54:36 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers WebSite X5 v8 - Evolution.exe.lnk
[2011/06/18 14:35:08 | 000,001,048 | ---- | C] () -- C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\_uninst_setup_9.0.0.722_17.06.2011_01-03.exe.lnk
[2011/06/16 23:33:02 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 01:21:53 | 000,209,088 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\WP3.0-ERD.png
[2011/06/14 01:54:22 | 000,476,018 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\UPnPTest.exe
[2011/06/02 19:18:58 | 000,016,384 | ---- | C] () -- C:\WINDOWS\chownGUI.exe
[2011/05/26 23:11:54 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/04/16 05:32:02 | 000,000,140 | ---- | C] () -- C:\WINDOWS\_vmtxp.ini
[2011/04/11 17:55:07 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Adobe PNG Format CS5 Prefs
[2011/04/11 17:53:37 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Adobe BMP Format CS5 Prefs
[2011/01/23 23:07:15 | 000,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2011/01/23 22:59:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2011/01/23 22:58:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2011/01/23 22:58:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2011/01/23 22:58:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2011/01/23 22:58:57 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2011/01/13 01:44:53 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2011/01/13 01:44:53 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2011/01/13 01:44:52 | 000,149,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2011/01/13 01:42:39 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/01/02 22:20:55 | 000,112,200 | ---- | C] () -- C:\WINDOWS\bioapi100.dll
[2010/12/02 22:27:24 | 000,001,640 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/11/21 15:31:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/11/21 15:31:09 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/21 15:31:09 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/21 15:31:08 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/20 02:36:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\housecall.guid.cache
[2010/11/13 00:22:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/11/12 22:49:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/11 21:30:51 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ATWTUSB.EXE
[2010/11/11 21:30:51 | 000,097,952 | ---- | C] () -- C:\WINDOWS\RmTablet.exe
[2010/11/11 21:30:51 | 000,005,511 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2010/11/04 21:52:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/30 04:33:36 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\SAS7_000.DAT
[2010/10/28 19:44:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/27 11:05:49 | 000,001,108 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/05 14:36:02 | 000,236,032 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 14:46:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2010/09/08 22:54:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2009/10/28 15:29:40 | 000,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/07/18 07:08:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/17 11:26:42 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/07/17 07:11:06 | 006,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008/07/17 06:53:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/17 06:47:49 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/07/17 06:39:56 | 000,000,794 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/17 06:27:31 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/17 06:25:51 | 001,348,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/07/17 05:40:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/17 05:34:02 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 14:00:00 | 000,515,162 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/04/14 14:00:00 | 000,445,398 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/04/14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 14:00:00 | 000,087,514 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/04/14 14:00:00 | 000,073,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/04/14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/05/02 19:43:30 | 000,149,064 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2007/05/02 19:43:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2005/07/13 14:59:36 | 000,000,169 | ---- | C] () -- C:\WINDOWS\xsensor.ini
[2004/07/22 10:28:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\AtusbDfu.dll
[2003/07/24 22:21:08 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\renMM.dll
[2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/18 16:14:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\therename.dll
[2002/09/18 16:13:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\renogg.dll
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/09/04 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/09/04 15:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997/11/17 19:31:04 | 000,003,219 | ---- | C] () -- C:\WINDOWS\System32\mmc.ini

========== LOP Check ==========

[2011/07/07 15:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\.purple
[2011/03/24 19:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Artisteer
[2011/01/07 14:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Auto Traffic Monopoly
[2011/04/24 01:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\bppeng11
[2010/10/28 00:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Convivea
[2011/06/20 14:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CoreFTP
[2011/05/03 20:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DMCache
[2011/04/24 01:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dtmenu1
[2011/06/04 16:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\emesene
[2010/11/28 22:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\enchant
[2011/07/09 14:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FileZilla
[2011/01/26 15:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foxit
[2011/01/26 16:02:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foxit Software
[2010/11/28 22:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\gtk-2.0
[2010/12/02 23:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HDRsoft
[2011/03/03 20:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\I2P
[2011/06/01 02:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IBP
[2011/04/28 19:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IDM
[2011/01/22 01:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ImgBurn
[2011/06/10 05:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\LibreOffice
[2010/12/07 20:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\LuckaSoft
[2010/10/28 19:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MSNInstaller
[2011/06/18 19:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MyPhoneExplorer
[2011/03/11 20:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2011/06/17 01:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\QuickScan
[2011/02/28 19:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Scooter Software
[2011/06/18 15:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Serif
[2011/01/22 18:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeamViewer
[2011/02/04 00:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thinstall
[2011/06/28 23:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TightVNC
[2011/05/20 20:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TomTom
[2008/07/17 13:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ulead Systems
[2011/07/02 17:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\uTorrent
[2011/02/21 12:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XMind
[2008/07/17 15:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\BullGuard
[2008/07/17 13:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ulead Systems
[2008/07/17 11:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2011/05/10 18:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2010/11/20 13:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/03/04 16:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2011/01/02 22:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/04/24 01:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/05/26 20:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/12/02 22:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nik Software
[2010/10/30 03:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2011/06/18 14:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2010/12/02 22:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/01/20 02:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softomotive
[2010/11/11 21:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tablet
[2011/02/27 02:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/20 20:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/07/17 13:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/06/11 04:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/07/17 15:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\BullGuard
[2008/07/17 13:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Ulead Systems
[2011/01/26 15:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2008/07/17 15:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\openpgsvc\Application Data\BullGuard
[2008/07/17 13:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\openpgsvc\Application Data\Ulead Systems

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/01/07 14:54:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Admin\Local Settings\Application Data\??) -- C:\Documents and Settings\Admin\Local Settings\Application Data\€”
[2011/01/07 14:54:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Admin\Local Settings\Application Data\??) -- C:\Documents and Settings\Admin\Local Settings\Application Data\€”
(C:\Documents and Settings\Admin\Local Settings\Application Data\??) -- C:\Documents and Settings\Admin\Local Settings\Application Data\€”

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FFED16F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:302A9871

< End of report >

#15 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2011 - 07:28 AM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKU\S-1-5-21-2712906358-677957095-463043899-1007\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-2712906358-677957095-463043899-1007..\Run: [IBP] File not found
O4 - Startup: C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\_uninst_setup_9.0.0.722_17.06.2011_01-03.exe.lnk = File not found
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FFED16F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:302A9871
[2011/01/07 14:54:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Admin\Local Settings\Application Data\??) -- C:\Documents and Settings\Admin\Local Settings\Application Data\€”
[2011/01/07 14:54:55 | 000,000,000 | ---D | M](C:\Documents and Settings\Admin\Local Settings\Application Data\??) -- C:\Documents and Settings\Admin\Local Settings\Application Data\€”
(C:\Documents and Settings\Admin\Local Settings\Application Data\??) -- C:\Documents and Settings\Admin\Local Settings\Application Data\€”
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 4444
IE - HKU\S-1-5-21-2712906358-677957095-463043899-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1:8998
:Files
ipconfig /flushdns /c
:Commands
[PURITY] 
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users