
win32.agent.fbx


This topic is locked.
29 replies to this topic

#1 leewest76

Posted 16 November 2009 - 09:17 AM

Hi guys, I have done a scan using Spybot and I seem to have this trojan that I can't get rid of.
Thanks in advance for all your help.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Lee at 15:32:10,93 on 16/11/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.880 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\system32\FsUsbExService.Exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
C:\Windows\FixCamera.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Advanced Wheel Mouse\wh_exec.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Lee\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Lee\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\Lee\AppData\Local\Temp\hijackthis-2.0.2.75917.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lee\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://start.gamenext.fr
uSearch Bar =
mStart Page = hxxp://lo.st
uURLSearchHooks: Search Class: {08c06d61-f1f3-4799-86f8-be1a89362c85} - c:\program files\orange\searchurlhook\SearchPageURL.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {64F56FC1-1272-44CD-BA6E-39723696E350} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IpSharkk] "c:\program files\ipsharkk\IpSharkk.exe" /auto
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [xpjbsldv] "c:\users\lee\appdata\local\xpjbsldv.exe" xpjbsldv
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Orange 8.0)" -"http://www.switchin.net/birdzlaunch.php?partner=bbgames"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\programs\usbtip\USBTip.exe"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KMCONFIG] c:\program files\trust\trust r-series mouse\StartAutorun.exe KMConfig.exe
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [AsioReg] REGSVR32 /S CTASIO.DLL
mRun: [WheelMouse] c:\advanc~1\wh_exec.exe
mRun: [TQ566808] "D:\Setup.exe"
StartupFolder: c:\users\lee\appdata\roaming\micros~1\windows\startm~1\programs\startup\aquari~1.lnk - c:\users\lee\appdata\roaming\aquariogest saltwater\AquarioGestAlarm_EM.exe
StartupFolder: c:\users\lee\appdata\roaming\micros~1\windows\startm~1\programs\startup\outild~1.lnk - c:\users\lee\appdata\roaming\microsoft\live search\Notification-LiveSearch.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: orange.fr\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218295449233&h=48d6fd993d6dacf545a314dc5274fb21/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 208.67.220.220,208.67.222.222

================= FIREFOX ===================

FF - ProfilePath - c:\users\lee\appdata\roaming\mozilla\firefox\profiles\kc4dwnc9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 anf0100.sys;anf0100.sys;c:\windows\system32\drivers\anf0100.sys [2009-6-7 9728]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-8 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-8 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-2-8 53328]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-12-18 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-7-1 233472]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\trust\trust r-series mouse\KMWDSrv.exe [2007-6-8 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-9-15 1153368]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-1 36608]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2007-1-25 6784]
S2 gupdate1c9f1b9dcae1144;Service Google Update (gupdate1c9f1b9dcae1144);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2006-12-4 203264]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2008-5-30 28224]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-5-28 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-5-28 12672]

=============== Created Last 30 ================

2009-11-16 14:12:24 0 d-----w- c:\program files\Trend Micro
2009-11-13 23:55:04 0 d-----w- c:\program files\Windows Portable Devices
2009-11-13 23:54:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-13 23:52:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 14:48:33 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-13 14:48:32 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-13 14:48:32 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-13 14:45:40 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-13 14:45:39 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-13 14:45:39 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-13 08:38:30 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-13 08:33:08 834048 ----a-w- c:\windows\system32\wininet.dll
2009-11-13 08:33:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-13 08:31:49 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-11-13 08:30:47 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-13 08:30:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-13 08:29:51 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-13 08:29:48 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-13 08:23:07 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-12 16:44:36 0 d-----w- c:\programdata\PopCap
2009-11-12 16:43:55 0 d-----w- c:\program files\PopCap Games
2009-11-06 15:32:29 0 d-----w- c:\program files\UnderCoverXP
2009-11-06 15:25:55 0 d-----w- c:\program files\DVDCover+
2009-10-28 08:54:44 0 d-----w- c:\program files\SSS
2009-10-22 09:23:20 0 d-----w- c:\program files\Yahoo!
2009-10-22 09:23:17 0 d-----w- c:\programdata\Oberon Media
2009-10-22 09:22:58 0 d-----w- c:\program files\Jeux.fr

==================== Find3M ====================

2009-11-15 20:58:52 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-15 19:53:38 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-14 07:44:31 49558 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-14 07:44:31 11854 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-13 23:54:58 86016 ----a-w- c:\windows\inf\infpub.dat
2009-11-13 23:54:58 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 23:54:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-13 23:54:58 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-02 19:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 15:45:31 139152 ----a-w- c:\users\lee\appdata\roaming\PnkBstrK.sys
2009-08-29 11:19:36 86016 ------w- c:\windows\system32\frapsvid.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-04-11 15:22:53 278528 ----a-w- c:\program files\common files\FDEUnInstaller.exe
2008-06-22 08:57:43 174 --sha-w- c:\program files\desktop.ini
2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-07-26 15:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2009-05-11 13:30:42 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-05-11 13:30:42 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-05-11 13:30:42 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 15:32:37,38 ===============

Attached file: dds.zip (2.63 KB, 13 downloads)

Edited by leewest76, 16 November 2009 - 09:38 AM.




#2 myrti (Malware Study Hall Admin)

Posted 24 November 2009 - 04:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 leewest76 (Topic Starter)

Posted 29 November 2009 - 06:32 AM

Sorry for the delay, I was out of town. The topic is still open, I hope. Thanks in advance.

#4 myrti (Malware Study Hall Admin)

Posted 29 November 2009 - 02:55 PM

Hi,

As long as you can post a reply, the topic is still open. :( Please post your logs if you still need help.

regards myrti



#5 leewest76 (Topic Starter)

Posted 29 November 2009 - 10:31 PM

OK, thanks very much. Here are the reports.

The first is OTL.txt:

OTL logfile created on: 29/11/2009 12:27:50 - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,91% Memory free
4,00 Gb Paging File | 3,11 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,98 Gb Total Space | 55,00 Gb Free Space | 39,01% Space Free | Partition Type: NTFS
Drive D: | 700,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 11,68 Gb Total Space | 10,69 Gb Free Space | 91,47% Space Free | Partition Type: NTFS

Computer Name: HOME-PC
Current User Name: Lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/29 12:26:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Lee\Desktop\OTL.exe
PRC - [2009/10/29 08:41:03 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/17 17:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 07:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/07 08:39:44 | 00,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/04 13:26:22 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/03/10 13:03:26 | 00,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:04:40 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Users\Lee\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
PRC - [2008/12/18 14:04:40 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Users\Lee\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
PRC - [2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/05/28 20:03:49 | 00,389,215 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
PRC - [2008/03/20 08:30:24 | 00,284,280 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2008/03/20 08:30:24 | 00,149,112 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2007/11/10 22:31:56 | 00,098,304 | ---- | M] () -- C:\Advanced Wheel Mouse\wh_exec.exe
PRC - [2007/10/11 18:03:10 | 00,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/09/25 18:27:50 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2007/09/20 08:46:42 | 00,634,368 | ---- | M] () -- C:\Program Files\3gp Player\3gpPlayer.exe
PRC - [2007/06/08 23:23:50 | 00,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
PRC - [2007/06/08 10:19:22 | 00,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMCONFIG.exe
PRC - [2007/04/04 10:30:40 | 00,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe
PRC - [2007/03/06 13:51:14 | 00,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe
PRC - [2007/02/12 13:50:40 | 00,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006/11/10 10:00:00 | 00,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/10/16 12:50:16 | 00,202,312 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe


========== Modules (SafeList) ==========

MOD - [2009/11/29 12:26:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Lee\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (ACDaemon)
SRV - [2009/09/25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/17 17:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 17:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 17:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 16:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/20 16:14:44 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9f1b9dcae1144) Service Google Update (gupdate1c9f1b9dcae1144)
SRV - [2009/06/20 16:11:01 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/07 08:39:44 | 00,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/04/04 13:26:22 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/01/26 14:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/05/28 20:03:49 | 00,389,215 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe -- (st330service)
SRV - [2008/04/07 08:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/20 08:30:24 | 00,284,280 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/25 18:27:50 | 00,065,536 | ---- | M] (France Telecom SA) -- C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2007/06/08 23:23:50 | 00,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007/05/31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/08/17 17:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/08/17 17:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/17 17:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/08/17 17:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/08/17 17:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/08/05 22:48:42 | 00,054,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/06/14 16:55:05 | 00,271,360 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/06/14 16:55:03 | 00,018,048 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/04/11 05:42:52 | 00,031,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009/04/07 08:39:44 | 00,036,608 | ---- | M] () -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/26 16:39:40 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/10 12:46:34 | 04,172,064 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/11/11 13:42:00 | 00,024,832 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 00,019,968 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 00,013,056 | ---- | M] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/09/17 23:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/28 20:03:48 | 00,030,464 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\st330.sys -- (ST330)
DRV - [2008/05/28 20:03:48 | 00,012,672 | ---- | M] (THOMSON Telecom Belgium) -- C:\Windows\System32\drivers\stbus.sys -- (STBUS)
DRV - [2008/04/11 10:54:24 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/03/26 13:28:02 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/01/19 06:53:31 | 00,045,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/19 06:53:31 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/19 06:53:28 | 00,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2007/11/18 03:39:50 | 01,040,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/03 17:21:12 | 00,009,728 | ---- | M] (Netmarketing Pawel Wisniewski) -- C:\Windows\System32\drivers\anf0100.sys -- (anf0100.sys)
DRV - [2007/07/03 15:58:20 | 00,106,792 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 15:57:24 | 00,011,944 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 15:54:24 | 00,080,552 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/06/25 01:21:46 | 00,795,672 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\HA10KX2K.SYS -- (ha10kx2k)
DRV - [2007/06/25 01:21:40 | 00,090,648 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\EMUPIA2K.SYS -- (emupia)
DRV - [2007/06/25 01:21:38 | 00,156,696 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2007/06/25 01:21:30 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2007/06/25 01:21:24 | 00,128,024 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2007/06/25 01:21:08 | 00,521,240 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\CTAUD2K.SYS -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/06/25 01:21:04 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\drivers\CTAC32K.SYS -- (ctac32k)
DRV - [2007/06/25 01:19:38 | 00,069,144 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/06/25 01:19:30 | 00,167,448 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/06/25 01:19:20 | 01,322,520 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/06/25 01:19:10 | 00,325,656 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/06/25 01:18:52 | 00,132,632 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/06/25 01:18:46 | 00,278,040 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/06/25 01:18:32 | 00,168,472 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/06/25 01:18:26 | 00,557,592 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/06/25 01:18:16 | 00,546,328 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/06/25 01:16:26 | 00,095,256 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/03/29 14:00:16 | 00,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007/02/15 13:14:28 | 00,019,840 | ---- | M] (Generic) -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2007/01/25 23:45:02 | 00,006,784 | ---- | M] () -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2006/12/12 10:16:06 | 00,022,528 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/12/04 08:36:10 | 00,203,264 | ---- | M] (Pinnacle Systems) -- C:\Windows\System32\drivers\bender.sys -- (BENDER)
DRV - [2006/11/28 20:46:22 | 00,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006/11/28 20:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/12/21 09:14:52 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/10/13 17:19:12 | 08,701,824 | ---- | M] () -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/06/02 17:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/23 16:40:26 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/12/30 12:00:02 | 00,104,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2004/08/13 09:56:20 | 00,005,810 | ---- | M] () -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/05/24 20:29:24 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/04/26 23:31:04 | 00,474,304 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [2002/02/08 01:24:00 | 00,020,641 | ---- | M] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\usbio.sys -- (usbio) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lo.st


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.gamenext.fr
IE - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\orange\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\S-1-5-21-4241853864-1532934991-865925165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {bb628310-0ab7-11db-9cd8-0800200c9a66}:3.1.2.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/17 09:14:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/12 17:43:56 | 00,000,000 | ---D | M]

[2009/02/11 17:06:56 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Extensions
[2009/11/17 09:32:29 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/17 09:13:29 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/17 09:13:30 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/17 09:13:31 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/17 09:13:31 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/17 09:13:30 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/17 09:13:29 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/17 09:13:30 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/17 09:13:31 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/17 09:13:30 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009/11/17 09:13:29 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2009/11/26 17:36:22 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\kc4dwnc9.default\extensions
[2009/05/06 09:06:18 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\kc4dwnc9.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2009/03/25 14:51:55 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\kc4dwnc9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2008/12/16 12:43:47 | 00,000,000 | ---D | M] -- C:\Users\Lee\AppData\Roaming\mozilla\Firefox\Profiles\kc4dwnc9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}(115)
[2009/11/24 18:55:30 | 00,002,163 | ---- | M] () -- C:\Users\Lee\AppData\Roaming\Mozilla\FireFox\Profiles\kc4dwnc9.default\searchplugins\bing.xml
[2008/04/11 10:58:47 | 00,002,921 | ---- | M] () -- C:\Users\Lee\AppData\Roaming\Mozilla\FireFox\Profiles\kc4dwnc9.default\searchplugins\daemon-search.xml
[2009/03/23 21:53:46 | 00,002,123 | ---- | M] () -- C:\Users\Lee\AppData\Roaming\Mozilla\FireFox\Profiles\kc4dwnc9.default\searchplugins\MyStart Search.xml
[2009/03/25 14:51:51 | 00,003,915 | ---- | M] () -- C:\Users\Lee\AppData\Roaming\Mozilla\FireFox\Profiles\kc4dwnc9.default\searchplugins\sweetim.xml
[2009/02/11 17:06:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/09 16:25:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/11/12 17:43:56 | 00,155,648 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2009/08/11 17:56:43 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/08/11 17:56:43 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/11 17:56:43 | 00,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2009/08/11 17:56:43 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/04/07 13:59:38 | 00,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober5449078.gif
[2009/10/22 10:23:17 | 00,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober5449078.src

O1 HOSTS File: (352627 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 12087 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsioReg] C:\Windows\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TQ566808] D:\Setup.exe File not found
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WheelMouse] C:\Advanced Wheel Mouse\wh_exec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000..\Run: [3gp Player] C:\Program Files\3gp Player\3gpPlayer.exe ()
O4 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000..\Run: [IpSharkk] C:\Program Files\IpSharkk\IpSharkk.exe (ipsharkk.com)
O4 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AquarioGest Alarm.lnk = C:\Users\Lee\AppData\Roaming\AquarioGest Saltwater\AquarioGestAlarm_EM.exe ()
O4 - Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk = C:\Users\Lee\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\..Trusted Domains: orange.fr ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4241853864-1532934991-865925165-1000\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game13.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/29 12:26:46 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Lee\Desktop\OTL.exe
[2009/11/25 17:25:12 | 00,000,000 | ---D | C] -- C:\Program Files\3GP Player 2009
[2009/11/25 17:15:13 | 00,000,000 | ---D | C] -- C:\Program Files\3gp Player
[2009/11/25 17:09:35 | 00,000,000 | ---D | C] -- C:\Users\Lee\Desktop\Nouveau dossier (2)
[2009/11/25 15:13:37 | 00,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2009/11/25 15:13:37 | 00,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2009/11/25 15:13:36 | 01,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2009/11/25 15:13:33 | 00,000,000 | ---D | C] -- C:\Users\Lee\AppData\Roaming\LG Electronics
[2009/11/25 15:12:11 | 00,000,000 | ---D | C] -- C:\Users\Lee\Documents\LG Electronics
[2009/11/25 13:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/11/25 13:39:24 | 00,000,000 | ---D | C] -- C:\LG_USB
[2009/11/25 13:38:28 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2009/11/25 13:38:01 | 00,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2009/11/25 12:28:12 | 00,000,000 | ---D | C] -- C:\Program Files\WorldUnlock Codes Calculator
[2009/11/24 15:47:33 | 00,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2009/11/20 21:51:12 | 00,000,000 | ---D | C] -- C:\Users\Lee\.SunDownloadManager
[2009/11/17 09:59:29 | 00,000,000 | ---D | C] -- C:\Program Files\Hide The IP 2009
[2009/11/17 08:58:06 | 14,863,448 | ---- | C] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
[2009/11/16 16:46:01 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/16 15:12:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/14 00:55:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/13 15:48:33 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/13 15:48:32 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/13 15:48:32 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/13 15:47:55 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/13 15:47:55 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/13 15:47:54 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/13 15:47:54 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/13 15:47:54 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/13 15:47:54 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/13 15:47:54 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/13 15:47:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/13 15:47:53 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/13 15:47:53 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/13 15:47:53 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/13 15:47:53 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/13 15:47:53 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/13 15:47:53 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/13 15:47:53 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/13 15:47:53 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/13 15:47:53 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/13 15:47:53 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/13 15:47:53 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/13 15:47:53 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/13 15:47:53 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/13 15:47:53 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/13 15:47:52 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/13 15:47:52 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/13 15:47:52 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/13 15:47:18 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/13 15:47:18 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/13 15:47:10 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/13 15:47:06 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/13 15:47:06 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/13 15:47:06 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/13 15:47:06 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/13 15:47:06 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/13 15:47:06 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/13 15:47:06 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/13 15:47:06 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/13 15:47:06 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/13 15:45:40 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/13 15:45:39 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/13 15:30:23 | 00,317,952 | ---- | C] (appearer) -- C:\Users\Lee\AppData\Local\ufesdc.exe
[2009/11/13 09:38:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/13 09:33:03 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/11/13 09:33:02 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/11/13 09:32:59 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/11/13 09:32:43 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/11/13 09:32:41 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/11/13 09:32:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/11/13 09:32:41 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/11/13 09:32:41 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/11/13 09:32:41 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/11/13 09:32:41 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/11/13 09:32:40 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/11/13 09:32:39 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/11/13 09:31:49 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/11/13 09:31:49 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/11/13 09:31:49 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/11/13 09:31:48 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/11/13 09:31:39 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/11/13 09:31:38 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/11/13 09:31:32 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/13 09:31:28 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/11/13 09:31:19 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/11/13 09:31:18 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/11/13 09:31:09 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/11/13 09:31:08 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/11/13 09:30:47 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/11/13 09:30:44 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/11/13 09:29:51 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/13 09:23:07 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/11/12 21:36:06 | 00,357,888 | ---- | C] (graillon) -- C:\Users\Lee\AppData\Local\wgpyirbk.exe
[2009/11/12 17:44:36 | 00,000,000 | ---D | C] -- C:\ProgramData\PopCap
[2009/11/12 17:43:55 | 00,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2009/11/07 19:02:45 | 00,000,000 | ---D | C] -- C:\Users\Lee\Desktop\Nouveau dossier
[2009/11/07 11:09:53 | 00,000,000 | ---D | C] -- C:\Users\Lee\Desktop\wii jackets
[2009/11/06 16:32:29 | 00,000,000 | ---D | C] -- C:\Program Files\UnderCoverXP
[2009/11/06 16:25:55 | 00,000,000 | ---D | C] -- C:\Program Files\DVDCover+
[2009/10/26 09:16:34 | 00,425,984 | ---- | C] (ingresaré) -- C:\Users\Lee\AppData\Local\sxdiuze.exe
[2009/10/25 11:57:52 | 00,352,256 | ---- | C] (teleta) -- C:\Users\Lee\AppData\Local\bocjwcpm.exe
[2009/07/31 11:37:04 | 00,034,816 | ---- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2009/05/12 12:49:32 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2008/03/26 13:28:02 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Lee\AppData\Roaming\pcouffin.sys
[2005/09/13 00:45:06 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004/02/16 20:59:52 | 00,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/29 12:28:49 | 09,961,472 | -HS- | M] () -- C:\Users\Lee\ntuser.dat
[2009/11/29 12:26:50 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Lee\Desktop\OTL.exe
[2009/11/29 11:54:10 | 00,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/11/29 11:40:00 | 00,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/29 11:38:32 | 03,209,732 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/29 11:38:32 | 02,591,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/29 11:38:32 | 00,049,234 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/11/29 11:38:32 | 00,046,336 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/29 11:38:32 | 00,011,514 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/11/29 11:35:29 | 00,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6EAA344A-A211-4C47-96CD-2B905D70FE31}.job
[2009/11/29 11:31:31 | 00,003,792 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/29 11:31:31 | 00,003,792 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/29 11:31:11 | 00,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/29 11:31:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/29 11:30:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/29 11:30:45 | 21,459,02592 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/28 19:13:50 | 00,524,288 | -HS- | M] () -- C:\Users\Lee\ntuser.dat{23fddf9d-cc35-11dd-84c8-0017315ec90e}.TMContainer00000000000000000001.regtrans-ms
[2009/11/28 19:13:50 | 00,065,536 | -HS- | M] () -- C:\Users\Lee\ntuser.dat{23fddf9d-cc35-11dd-84c8-0017315ec90e}.TM.blf
[2009/11/28 19:13:50 | 00,024,912 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000002-80261102}.rfx
[2009/11/28 19:13:50 | 00,024,912 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000002-80261102}.rfx
[2009/11/28 19:13:50 | 00,016,448 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000002-80261102}.rfx
[2009/11/28 19:13:50 | 00,016,448 | ---- | M] () -- C:\Windows\System32\BMXState-{00000001-00000000-00000006-00001102-00000002-80261102}.rfx
[2009/11/28 19:13:50 | 00,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000001-00000000-00000006-00001102-00000002-80261102}.rfx
[2009/11/28 19:13:50 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2009/11/28 19:13:50 | 00,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2009/11/28 19:13:28 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/28 19:13:19 | 02,330,988 | -H-- | M] () -- C:\Users\Lee\AppData\Local\IconCache.db
[2009/11/27 22:10:21 | 00,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/11/27 20:18:04 | 00,137,464 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/27 20:17:55 | 00,214,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/25 17:25:16 | 00,000,823 | ---- | M] () -- C:\Users\Lee\Desktop\3GP Player 2009.lnk
[2009/11/25 17:15:17 | 00,000,036 | -H-- | M] () -- C:\Windows\System32\swk.ini
[2009/11/25 16:40:26 | 00,239,616 | ---- | M] () -- C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/25 15:22:49 | 00,000,642 | ---- | M] () -- C:\Users\Lee\Documents\Setting.ini
[2009/11/25 15:12:34 | 00,001,739 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite III.lnk
[2009/11/25 13:47:19 | 00,002,412 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2009/11/17 09:03:47 | 14,863,448 | ---- | M] (JonDos GmbH) -- C:\ProgramData\JonDoFox.paf.exe
[2009/11/17 08:40:54 | 00,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2009/11/16 15:27:45 | 00,523,776 | ---- | M] () -- C:\Users\Lee\Desktop\dds.scr
[2009/11/16 15:12:24 | 00,001,834 | ---- | M] () -- C:\Users\Lee\Desktop\HijackThis.lnk
[2009/11/16 14:13:58 | 00,000,089 | ---- | M] () -- C:\Users\Lee\AppData\Local\cysso.bat
[2009/11/16 14:12:45 | 00,352,627 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/16 09:23:52 | 00,000,087 | ---- | M] () -- C:\Users\Lee\AppData\Local\euykm.bat
[2009/11/15 18:47:41 | 29,987,1213 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/15 10:48:52 | 00,327,680 | ---- | M] () -- C:\Users\Lee\AppData\Local\rokhlifc.exe
[2009/11/14 09:31:50 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/11/14 00:54:46 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/14 00:52:37 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/13 15:30:23 | 00,317,952 | ---- | M] (appearer) -- C:\Users\Lee\AppData\Local\ufesdc.exe
[2009/11/13 15:28:21 | 00,321,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/12 21:36:06 | 00,357,888 | ---- | M] (graillon) -- C:\Users\Lee\AppData\Local\wgpyirbk.exe
[2009/11/06 16:32:29 | 00,000,752 | ---- | M] () -- C:\Users\Lee\Desktop\UnderCoverXP.lnk
[2009/11/06 16:25:56 | 00,000,737 | ---- | M] () -- C:\Users\Lee\Desktop\DVDCover+.lnk
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/25 17:25:16 | 00,000,823 | ---- | C] () -- C:\Users\Lee\Desktop\3GP Player 2009.lnk
[2009/11/25 17:15:17 | 00,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini
[2009/11/25 15:12:34 | 00,001,739 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite III.lnk
[2009/11/25 13:38:28 | 00,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2009/11/25 13:38:28 | 00,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/11/25 08:59:12 | 00,000,642 | ---- | C] () -- C:\Users\Lee\Documents\Setting.ini
[2009/11/17 09:59:32 | 00,173,384 | ---- | C] () -- C:\Windows\System32\AVLibrary.dll
[2009/11/16 15:27:40 | 00,523,776 | ---- | C] () -- C:\Users\Lee\Desktop\dds.scr
[2009/11/16 15:12:24 | 00,001,834 | ---- | C] () -- C:\Users\Lee\Desktop\HijackThis.lnk
[2009/11/15 10:48:52 | 00,327,680 | ---- | C] () -- C:\Users\Lee\AppData\Local\rokhlifc.exe
[2009/11/14 00:54:46 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/14 00:52:37 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/13 09:31:49 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/11/06 16:32:29 | 00,000,752 | ---- | C] () -- C:\Users\Lee\Desktop\UnderCoverXP.lnk
[2009/11/06 16:25:56 | 00,000,737 | ---- | C] () -- C:\Users\Lee\Desktop\DVDCover+.lnk
[2009/10/09 11:35:17 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009/08/29 12:38:12 | 00,001,349 | ---- | C] () -- C:\Users\Lee\AppData\Local\jdsfapkf_navps.dat
[2009/07/31 11:37:10 | 00,003,072 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009/07/31 11:37:04 | 00,061,318 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/07/31 11:37:04 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL
[2009/07/31 11:37:04 | 00,000,269 | ---- | C] () -- C:\Windows\System32\KILL.INI
[2009/07/31 11:37:04 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/07/27 17:02:44 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/27 17:02:44 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/07/27 16:55:36 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/07/01 12:42:36 | 00,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/07/01 12:42:36 | 00,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/06/18 16:35:44 | 00,000,089 | ---- | C] () -- C:\Users\Lee\AppData\Local\cysso.bat
[2009/06/14 16:55:05 | 00,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/06/14 16:55:03 | 00,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/06/11 11:26:36 | 00,000,087 | ---- | C] () -- C:\Users\Lee\AppData\Local\euykm.bat
[2009/06/07 09:24:06 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/28 14:20:29 | 00,237,568 | R--- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/05/15 23:21:50 | 00,000,600 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\winscp.rnd
[2009/05/13 17:06:55 | 00,076,407 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\Smiley.ico
[2009/05/07 09:59:45 | 00,000,027 | ---- | C] () -- C:\Windows\CDE DX4000EFDG.ini
[2009/05/05 14:52:39 | 00,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2009/04/11 16:22:53 | 00,278,528 | ---- | C] () -- C:\Program Files\Common Files\FDEUnInstaller.exe
[2009/04/04 13:25:27 | 00,137,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/03/31 19:41:09 | 00,000,280 | ---- | C] () -- C:\Windows\game.ini
[2009/03/31 17:34:16 | 00,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2008/10/26 18:16:23 | 00,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/10/08 09:54:47 | 00,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/10/08 09:25:59 | 00,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2008/10/08 09:25:59 | 00,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2008/10/08 09:25:59 | 00,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2008/10/08 09:25:59 | 00,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2008/10/08 09:25:59 | 00,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2008/08/24 09:05:49 | 00,111,615 | ---- | C] () -- C:\ProgramData\BM53507648.xml
[2008/08/24 09:05:49 | 00,103,394 | ---- | C] () -- C:\ProgramData\BM53507648.txt
[2008/07/18 08:11:03 | 00,001,356 | ---- | C] () -- C:\Users\Lee\AppData\Local\d3d9caps.dat
[2008/05/31 08:53:59 | 00,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/05/04 11:28:00 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/04/11 11:18:19 | 00,139,152 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\PnkBstrK.sys
[2008/04/11 10:54:24 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/03/26 13:29:52 | 00,000,668 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\vso_ts_preview.xml
[2008/03/26 13:28:02 | 00,087,608 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\inst.exe
[2008/03/26 13:28:02 | 00,007,887 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\pcouffin.cat
[2008/03/26 13:28:02 | 00,001,144 | ---- | C] () -- C:\Users\Lee\AppData\Roaming\pcouffin.inf
[2008/03/16 19:43:46 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/03/16 19:43:46 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/03/14 11:20:03 | 00,239,616 | ---- | C] () -- C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 03:05:44 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/21 03:04:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/02/21 03:04:16 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/02/21 03:03:24 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/08 16:13:44 | 00,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll
[2007/10/25 16:26:10 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/02/05 19:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007/01/25 23:45:02 | 00,006,784 | ---- | C] () -- C:\Windows\System32\drivers\whfltr2k.sys
[2006/11/06 11:16:00 | 00,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/11/06 11:16:00 | 00,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/06/12 20:43:22 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/01/20 18:56:58 | 00,086,016 | ---- | C] () -- C:\Windows\System32\Machinist2.dll
[2005/10/13 17:19:12 | 08,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2004/08/13 09:56:20 | 00,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2004/03/26 09:56:40 | 00,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/02/28 00:36:18 | 00,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F4CA4D70
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5E3FBF9D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >


EXTRAS.

OTL Extras logfile created on: 29/11/2009 12:27:50 - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Lee\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,91% Memory free
4,00 Gb Paging File | 3,11 Gb Available in Paging File | 77,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,98 Gb Total Space | 55,00 Gb Free Space | 39,01% Space Free | Partition Type: NTFS
Drive D: | 700,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 298,09 Gb Total Space | 297,99 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 11,68 Gb Total Space | 10,69 Gb Free Space | 91,47% Space Free | Partition Type: NTFS

Computer Name: HOME-PC
Current User Name: Lee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Orange\Launcher\Launcher.exe (France Telecom SA)

[HKEY_USERS\S-1-5-21-4241853864-1532934991-865925165-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Orange\Launcher\Launcher.exe" -appid serviceweb -args %1 (France Telecom SA)
htmlfile [opennew] -- "C:\Program Files\Orange\Launcher\Launcher.exe" -appid serviceweb -args %1 (France Telecom SA)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Orange\Launcher\Launcher.exe" -appid serviceweb -args %1 (France Telecom SA)
https [open] -- "C:\Program Files\Orange\Launcher\Launcher.exe" -appid serviceweb -args %1 (France Telecom SA)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe" = C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{058B79E8-1C03-455E-B729-41BE07A3C4F4}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{10160C16-1206-4C16-B1BD-6931DBAE6946}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CAFF4BBE-AB2F-468D-8344-1A1AC0CBD2AC}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{D28A124C-9565-4426-9D0D-FE13496E4FD7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BDB0C-89F9-42D8-A014-A3EDE0B8A04D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{07DC46FD-1362-4C90-8933-968DC0D24245}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{09101C5E-4749-4999-A57E-236D63A90A1F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0A1F5FCF-0D5F-4316-9543-0D7179E8B3A0}" = protocol=17 | dir=in | app=f:\programs\studio.exe |
"{0CC375A2-DF04-48A4-A32A-007995EC181A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0EADBEE6-5379-4564-B45C-16785E81F742}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0F82E963-A928-40CC-AC40-AFB2E7DD03CF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{10377949-1C68-44CE-8B61-4665104BED22}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{143457D1-4419-4932-846E-076B723BF8BA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{152F9DBF-49FF-4934-ACD3-5AF438D3A8C0}" = protocol=17 | dir=in | app=c:\program files\speedbit video accelerator\videoacceleratorengine.exe |
"{17DDF0BB-5946-49EF-9C15-6AD18162448B}" = protocol=17 | dir=in | app=k:\program files\pinnacle\studio 12\programs\umi.exe |
"{191A88E0-DF38-4FD6-9BE9-88C6A2A6655C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1A7F2B7C-9B42-487B-8E30-5721EB1D259D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{20383569-CC4B-4BDC-83DF-E471336A5470}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2250F73E-7804-4E1A-BB9F-8C41DE10BB36}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22B911E4-AFEC-4610-9F89-DEA9C0A5441E}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{258917D0-B37C-4AFD-BEF0-0C5AFF17AA5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{26DCB626-9A65-40EC-A945-BDC4DC8337FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{299EE214-9EA8-4AA2-BB19-445F87B6C360}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2AA613FA-07C8-4D7E-A8E7-80AE63058B2C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D92C8FE-2B95-4532-8133-DE8D8EC367DD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F1C7B91-DF04-4266-9255-9CB5E58C1338}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2F51B43F-250B-4307-B99E-0A83F76C5E07}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{304B9A46-F0AE-49DD-A97B-7C11A2958A86}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36EFE13B-D600-44CB-AA95-D389D5D3FD96}" = protocol=6 | dir=in | app=k:\program files\pinnacle\studio 12\programs\umi.exe |
"{39FF6D10-EE3A-43B8-A971-0C4A5B721BD9}" = protocol=6 | dir=in | app=k:\program files\pinnacle\studio 12\programs\rm.exe |
"{3A1EF53C-98DE-43BB-B0C4-C31A87706BC1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3ADFFB9D-0A0D-41D0-B305-69919F50CB17}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3B0E2ACB-A2BE-4F18-BE55-233A9610CC7C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3BAFEAE1-FDCE-4183-9701-0FFB91E338BF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3CC7516C-1E9F-4C66-AF0B-F7E70E7FCDC2}" = protocol=6 | dir=in | app=f:\programs\umi.exe |
"{3EB9F9E9-5173-4755-B143-FA2E8BF921E3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40BBD226-FE21-42AE-BB75-711381D5A97A}" = protocol=17 | dir=in | app=f:\programs\umi.exe |
"{440FD05B-96BE-4B65-8FFD-89CB1614EDCD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{458503F6-76AC-4BE0-A60B-F3E74DBB46DE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{48157A5A-53D9-485A-862A-998ACD45A241}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4956C34C-737C-4D5B-B73E-4C848C3D80E1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4DB38E16-3415-4369-B6D5-212CBF53346D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E74993F-8388-48D7-BC7C-28C362BAEB39}" = protocol=6 | dir=in | app=c:\program files\winscp\winscp.exe |
"{4FB390FC-B763-424A-A355-DC9DD0327D78}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{53AC80C6-19AA-43DE-8042-A0528836080F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54F6CAD6-C3BD-462A-BB1E-81002B831FA9}" = protocol=6 | dir=in | app=k:\program files\pinnacle\studio 12\programs\studio.exe |
"{57EA4B50-06A4-4C74-AC12-C22B10672B37}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B744A1D-EBCE-44AF-9BBA-A6B00124D70A}" = protocol=17 | dir=in | app=c:\program files\hide the ip 2009\hidetheip.exe |
"{5C32442C-8023-4400-ABC5-9DCD89A6691D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5CC9CBED-2F19-4D37-B2B2-0C511349ED84}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{60599D24-E851-416C-9E68-032DFFE52723}" = protocol=6 | dir=in | app=c:\program files\speedbit video accelerator\videoaccelerator.exe |
"{61116588-9EF2-425B-B968-3282BA518CB8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{617E0AD9-898E-414B-957E-8B76A93B7934}" = protocol=17 | dir=in | app=c:\program files\ipsharkk\ipsharkk.exe |
"{62FFCB55-508E-40BE-8160-2E23104D8337}" = protocol=17 | dir=in | app=k:\program files\pinnacle\studio 12\programs\rm.exe |
"{63A65B1F-A2CC-4CBC-937B-BE51DCC80F85}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6482C36A-A25A-4C9B-A12D-1C713391603C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{64C59894-E1A2-49DF-9F75-E3B84D9F2C8C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{656A3AFD-5614-4C15-978C-9ABB3C1A2677}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{662A22CD-C997-4F73-B461-491CF557AA47}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{690A1166-4CD1-4965-87B5-85B7FDCDA90E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{69DFDE79-E8A4-4AC0-AF0B-FFFFC5C355E0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{69E01575-B655-4A92-B165-83A729AA85C3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6A868F3C-B13D-4193-8C41-77F5B7742B81}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C12AA5C-38CB-4729-AC63-64D786ED5CD4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6D0830A8-DF6C-473A-A2D0-A71C796A3B93}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{6D0FAAFC-A94F-4C0B-AE70-4324D17574F1}" = protocol=17 | dir=in | app=c:\program files\mio technology\speedcam tool\speedcam.exe |
"{6E15F409-A302-4B3F-951A-8D700B2954F9}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{6ED86111-075E-4589-92FD-6AF0A86253FC}" = protocol=6 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |
"{726199A6-C7E6-4344-A142-5D5540CCE9D9}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{733DAD9A-47A8-4ACE-A3A6-F75B17F96B83}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7AECAD30-3187-4915-A243-645587BD03A4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7C9F0204-96A4-41B9-B04E-B5D958009043}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7CA4AF13-E3CF-4A80-B937-4AD87ED6E5D6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CAEEA05-F023-4319-990F-7CE70ACD3032}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7E162D1F-DA73-41C0-9874-15130918695D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{80E18BD7-5FEF-4894-8EC4-A7A507CF16A6}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{84EFA02E-1A32-48E6-BB02-4173C188F438}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{86EBD3E7-9851-4929-B8B5-C8A28835F4B2}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{877383CF-2760-475B-AF76-917AF818087A}" = protocol=17 | dir=in | app=c:\program files\speedbit video accelerator\videoaccelerator.exe |
"{888732C9-A58D-4D18-97FF-9AFC3AF7CC06}" = protocol=17 | dir=in | app=f:\programs\rm.exe |
"{8961C1F4-0403-4CC3-974A-D73A92668D9A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8A360BF1-669E-4961-A5DE-6753D2718466}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C5A0DC9-037B-425A-A374-06B6307FE14C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8FEBCA7F-0EF1-4FFA-99BD-3AA631D1C9A2}" = protocol=6 | dir=in | app=c:\users\lee\appdata\roaming\aquariogest saltwater\aquariogest_em.exe |
"{908634EC-4B5B-41FD-A6D9-362D09249C0A}" = protocol=6 | dir=in | app=f:\programs\studio.exe |
"{916B61A2-FF33-41A3-8D3F-4AB099201FAE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{93FB7D02-930D-4BCF-94A4-DE40BC127B17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{974C3590-391E-4DC5-8537-A68F390ABEE4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97A0519F-C0D6-46B8-95CC-2002E064D2E3}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97C5FFEB-F244-4F98-9D81-43BB2264A091}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{988146AF-68BB-4E72-A908-DC9CC70B0148}" = protocol=17 | dir=in | app=k:\program files\pinnacle\studio 12\programs\studio.exe |
"{991BBCB2-3D53-41B7-B0CF-4FFC59F8F760}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{9A9DC11A-C45B-4F5C-9D6F-35C6AB84D69B}" = protocol=17 | dir=in | app=c:\program files\winscp\winscp.exe |
"{9AEC8170-7322-4807-AA74-782E1BF39D8C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C1A39E5-6CBA-489D-917B-5CC3824254DE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CE62453-1D9B-43D0-A2B7-BEC728B433FA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A0363D65-F036-44F6-98BA-F85C4BA845F0}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A0431676-6EE9-4F77-99D2-1B2F78C33618}" = protocol=6 | dir=in | app=c:\program files\mio technology\speedcam tool\speedcam.exe |
"{A0709949-9867-4252-9790-79A5CBA02E20}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A27A3F0A-B6CD-4BC8-9941-24A0629C8889}" = protocol=17 | dir=in | app=c:\users\lee\appdata\roaming\aquariogest saltwater\aquariogest_em.exe |
"{A322025F-6CDE-4B80-BD75-853134A44B57}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A59FFC94-F494-4600-886B-313B4A57DE6B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A5EC1050-EFD8-4A4C-BBEA-DDAF6D69AAF8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A60A6EDA-31AB-48D4-89DB-1684CBAFAC93}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A622A18E-E142-414A-8486-FF998FC94BB4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6852590-9714-410C-9D21-DFE5985EE9B6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A6CC4A05-CD2E-4E71-A0CA-1806C5FE57D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AB4B845D-53DD-4B97-889A-2F67C8AF5A0B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AE6B4E98-767C-4C4C-9D51-AC778ABFC07E}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{B069D090-B304-43DE-A6BF-9C20EE193E72}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0D6D05B-DE8C-4948-BD74-9A038BAC4F4F}" = protocol=6 | dir=in | app=c:\program files\speedbit video accelerator\videoacceleratorengine.exe |
"{B2933D7E-C2AC-4417-B5A2-418479A5E75C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B354419F-72D9-4D81-AC13-3B63878BFCFB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B5500CC1-B6A7-4A3B-8D29-42FD2CEB1F49}" = protocol=6 | dir=in | app=c:\program files\hide the ip 2009\hidetheip.exe |
"{B7527890-262E-401B-BE46-8E66E8742F2D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B8133E8D-EBBF-45AE-AF3A-43DF317A8ECE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BA2AACFD-C781-4818-BB70-A4E05CA136FA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C03B59F3-4C4E-40EB-A8FA-AC78B1260509}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C259FFAF-DE23-49A8-98FC-C8D82FBBC847}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C34F00D3-1B44-4DEA-8521-19491CA89855}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C3778F20-C9F6-4FF6-8E1C-BE7CBA6A5187}" = protocol=6 | dir=in | app=c:\program files\teamspeak2_rc2\teamspeak.exe |
"{C82EA876-E2A4-4394-AB7A-3BAEF1D4CF40}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C8ACF739-05B4-494D-ACCD-9E60040FC1A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C92C5949-972F-4705-A014-2F34814CF40D}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{C99B8D3D-03F3-41F2-A5B2-DAEA6151F3F5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9F2A6BC-3F05-46DB-9A35-3543B1A4D4C3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CA589267-0627-4AEF-88C0-72424C18DF96}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CAC4F393-1EAB-413B-8710-7F87640982F8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CAD0EC27-7F10-48D1-932D-F408A595E706}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CD8316A0-2660-4F9B-A84C-BE50461A8887}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CEB0C79E-D041-41DF-B5D7-EDD425A8AF13}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{D2C39509-AA41-4827-84BD-BDB2114942F9}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D3AD0001-2A55-48E1-9D65-E099272D9701}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D40CD73C-E686-42CD-BA90-6443D420EDC6}" = protocol=6 | dir=in | app=c:\program files\ipsharkk\ipsharkk.exe |
"{D75BA957-2359-4E9F-AEF0-01A72B112A9F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D815C834-BAAA-4458-A6B1-7B8464A49DD9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DACE24B4-2297-4479-94EA-3AE8EA99A109}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DB6F65CC-C3CB-462F-90D4-B4E370B2E1CF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DCFD310C-9809-4952-9DE1-431CEA6604E7}" = protocol=17 | dir=in | app=c:\program files\call of duty 4 - modern warfare\iw3mp.exe |
"{DDB05007-66EB-4F6A-ABDF-F870B83E4289}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E06DE102-CCCF-4B76-B949-CACA7B87C564}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E4092B0D-724C-4157-8A12-D8945AA804A4}" = protocol=6 | dir=in | app=f:\programs\rm.exe |
"{E4B8F9EB-EAAD-4195-A746-8A2DD5FDE76F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E5866A5D-CC4C-4B08-9999-D1C903AF2012}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E992E635-99BF-42A2-8438-E5555FE5DAEF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{EE6678E3-8162-4BE0-99AD-DF26081D445F}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{F1E538BB-FB7A-4D20-942D-218DBC27A466}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F1FDB31C-4389-4272-9140-9E39266524C5}" = protocol=17 | dir=in | app=c:\program files\teamspeak2_rc2\teamspeak.exe |
"{F6803289-2551-4B09-BF64-4E61F8F43B53}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F76E5575-4E7F-46DC-962F-424B9033BC91}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F779A9E2-F4E1-416F-96B8-32194A3C3000}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{FA4CF276-C3E4-4512-BB41-03C41024D18F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FA8E04BE-4DB2-4443-A9C0-F6C09A36670B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FC8AFCDD-0E26-4E2D-B61B-23F69D04F698}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FD3C25CD-8F44-46C2-B8A2-F1F0EB763A99}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE760305-FE3B-43D6-A7FC-5B34232A280D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{08A8DB1E-5C36-4194-8C45-13E462A07AB4}C:\program files\thomson speedtouch\st330\webinstaller\sthiw\stinstall.exe" = protocol=6 | dir=in | app=c:\program files\thomson speedtouch\st330\webinstaller\sthiw\stinstall.exe |
"TCP Query User{0F04D951-1DA7-4EDA-A233-7DCF78D10CEE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{31DD190B-4880-4AE3-ACD9-EDD3110F9638}C:\program files\gpotato.eu\street gears\streetgear.exe" = protocol=6 | dir=in | app=c:\program files\gpotato.eu\street gears\streetgear.exe |
"TCP Query User{391D99F8-0496-47E8-8456-C071E96B4C12}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{3A47B672-874A-48B0-A243-62CE0BB66344}C:\program files\teamspeak2_rc2\server_windows.exe" = protocol=6 | dir=in | app=c:\program files\teamspeak2_rc2\server_windows.exe |
"TCP Query User{3E037861-754C-4D41-8A37-E86BB3A88D04}C:\program files\goftp\goftp.exe" = protocol=6 | dir=in | app=c:\program files\goftp\goftp.exe |
"TCP Query User{4AE68E31-1FDB-4871-9A56-692E84C07FCF}C:\program files\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=c:\program files\monte cristo\silverfall\silverfall.exe |
"TCP Query User{4D6F3B85-A5CD-4A17-81F5-E0687BEE6AF0}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{74134C6E-FF69-4C36-99F2-461BF28B7B70}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe |
"TCP Query User{793D5EAA-4EB3-414C-8E70-1DF28611D72E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9B7A003E-E9B5-451F-945F-B94C9338A972}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe |
"TCP Query User{A18CB61D-424F-42D5-B5D4-15D3803B952B}C:\users\lee\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\lee\program files\utorrent\utorrent.exe |
"TCP Query User{AF2B064C-7B6D-4072-AF42-FA9EB826E427}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B1C7652E-E94E-405A-823C-4E2346D0BE74}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"TCP Query User{B71032C0-5C66-4A50-B75F-36102CC0A07F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BBF59899-F751-4034-99E7-B9C065AA906D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{C7135D9B-4960-4D00-BCA7-A4A5422A81AF}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{CAB46DF5-B0B6-49B8-8870-BBBBCC867BE8}C:\users\lee\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\lee\desktop\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{D398B78B-08D1-4134-BCD1-CA9F1E3C6C9A}C:\program files\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files\ventsrv\ventrilo_srv.exe |
"UDP Query User{07492BA1-B057-4511-A820-057C860B4D3F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{0CDB9641-474F-4A8D-807F-628B70D0A32C}C:\program files\thomson speedtouch\st330\webinstaller\sthiw\stinstall.exe" = protocol=17 | dir=in | app=c:\program files\thomson speedtouch\st330\webinstaller\sthiw\stinstall.exe |
"UDP Query User{14493DE9-3678-4EAE-8FE0-130C3BC5E7E2}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{2F486FB8-D336-435B-9665-7539B5EF9551}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{30256C08-3F90-4DFF-A758-4384181AD5C6}C:\users\lee\desktop\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\lee\desktop\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{31F72330-2B8A-4D70-96DD-2849671DBE70}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{3449D041-ECAB-4E90-9BD8-36B94FFA491E}C:\program files\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=c:\program files\monte cristo\silverfall\silverfall.exe |
"UDP Query User{3D6F2E29-F5C3-477C-A7EA-F2CB50C8F337}C:\program files\gpotato.eu\street gears\streetgear.exe" = protocol=17 | dir=in | app=c:\program files\gpotato.eu\street gears\streetgear.exe |
"UDP Query User{59AE89B1-2870-446B-89F8-078F1DC20B0E}C:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\worms 4 mayhem\worms 4 mayhem.exe |
"UDP Query User{693A7441-96D4-4607-AF53-D1FE5EBEC5DE}C:\program files\goftp\goftp.exe" = protocol=17 | dir=in | app=c:\program files\goftp\goftp.exe |
"UDP Query User{75734194-42B4-48E6-A005-19219AB94402}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9AA1F795-A3EC-4758-B745-75AF57C00ED0}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{AB19E5AE-9EEA-42BB-8D51-6512CD9585C8}C:\program files\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files\ventsrv\ventrilo_srv.exe |
"UDP Query User{AFD4C2C7-E1C6-42A6-A54C-C47A0038A5DF}C:\users\lee\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\lee\program files\utorrent\utorrent.exe |
"UDP Query User{C548E996-AD5F-4741-97C3-0C2B2D880C16}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe |
"UDP Query User{C7673CB3-B9B2-4F06-AED5-41A848D80D92}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe |
"UDP Query User{CD59CB05-EB96-4619-BA61-76BDC8A0E762}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DFBF77FA-AA69-498B-9FD8-1A9AC67A52F3}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{E540CAD2-F867-4F2B-8829-3FD8C48B613C}C:\program files\teamspeak2_rc2\server_windows.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak2_rc2\server_windows.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2375ea95-24e5-4050-acf6-191477ef7f85}" = Nero 9
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-385C
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40B3D357-96DE-4889-A8F4-C533A39E3608}" = CrazyTalk v4.0 Media Studio
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{718666FC-C0A7-4DE7-9120-8F1746A90588}" = Trust R-Series Mouse
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Gestionnaire pour appareils Windows Mobile
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7044E25-3038-4A76-9064-344AC038043E}" = Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFB03DEC-2711-43E0-A6EF-6561391A5307}" = NetObjects Fusion 11.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{F9B6453F-2557-4C56-9C80-1BBCE8B77792}_is1" = PC Updater
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{ORAHSS}.Browser" = Navigateur Orange
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"3gp Player" = 3gp Player
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AGEIA PhysX v2.4.4" = AGEIA PhysX v2.4.4
"AquarioGest Saltwater_is1" = AquarioGest Saltwater
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CoD RconTool 10" = CoD RconTool 10
"DVD Flick_is1" = DVD Flick
"DVDCover+_is1" = DVDCover+ 2.0
"DVDneXtCOPY" = DVDneXtCOPY
"EasyBCD" = EasyBCD 1.7.1
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free Registry Fix" = Free Registry Fix 5.0
"Free Window Registry Repair" = Free Window Registry Repair
"Google Chrome" = Google Chrome
"Google Updater" = Outil de mise à jour Google
"HijackThis" = HijackThis 2.0.2
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{718666FC-C0A7-4DE7-9120-8F1746A90588}" = Trust R-Series Mouse
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IpSharkk_is1" = IpSharkk 2.5
"Machinist2DLL" = Machinist2DLL
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Messenger Plus! Live" = Messenger Plus! Live & Sponsor (CiD)
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Plugin de navigateur PopCap" = PopCap Browser Plugin
"Poster Forge" = Poster Forge 1.02
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 1.47
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"UnderCoverXP_is1" = UnderCoverXP 1.22
"Wakfu" = Wakfu
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 4.2.1 beta
"WinZip" = WinZip
"WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4241853864-1532934991-865925165-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search
"Monopoly Deluxe" = Monopoly Deluxe
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 04/04/2009 11:40:59 | Computer Name = Home-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\conime.exe failed, 00000005.

[ Application Events ]
Error - 09/09/2009 02:35:54 | Computer Name = Home-PC | Source = LoadPerf | ID = 3012
Description =

Error - 09/09/2009 04:05:13 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iztffalf.exe, version 3.6.5.9, time stamp
0x3f39419b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x063b15b0, process id 0x970, application start
time 0x01ca311707a6660a.

Error - 09/09/2009 10:36:46 | Computer Name = Home-PC | Source = LoadPerf | ID = 3012
Description =

Error - 09/09/2009 10:58:09 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iztffalf.exe, version 3.6.5.9, time stamp
0x3f39419b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x05f66690, process id 0xa18, application start
time 0x01ca315a3b82c6c4.

Error - 10/09/2009 09:32:16 | Computer Name = Home-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10/09/2009 09:48:25 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iknprt.exe, version 4.0.0.2, time stamp 0x47fa53e0,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x042147f0, process id 0xc64, application start
time 0x01ca321a77584cad.

Error - 11/09/2009 03:36:54 | Computer Name = Home-PC | Source = LoadPerf | ID = 3012
Description =

Error - 11/09/2009 04:20:21 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iztffalf.exe, version 3.6.5.9, time stamp
0x3f39419b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0624bfb8, process id 0x970, application start
time 0x01ca32b1fa3daf1d.

Error - 12/09/2009 01:38:46 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application iztffalf.exe, version 3.6.5.9, time stamp
0x3f39419b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x05d28d48, process id 0x94c, application start
time 0x01ca336aabf806d7.

Error - 12/09/2009 01:39:43 | Computer Name = Home-PC | Source = LoadPerf | ID = 3012
Description =

[ System Events ]
Error - 19/11/2009 05:21:50 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 19/11/2009 05:22:17 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 19/11/2009 05:22:19 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 19/11/2009 05:22:20 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 19/11/2009 05:37:55 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 19/11/2009 05:37:57 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 19/11/2009 05:37:59 | Computer Name = Home-PC | Source = cdrom | ID = 262151
Description = The device \Device\CdRom0 has a bad block.

Error - 24/11/2009 10:44:56 | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 24/11/2009 10:44:56 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 24/11/2009 10:44:56 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Thanks so much for your help.

#6 myrti (Malware Study Hall Admin)

Posted 01 December 2009 - 08:16 AM

Hi,

Please provide a log from GMER as well:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Do you have any problems with your PC right now? Do you get redirected or have pop ups?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 leewest76 (Topic Starter)

Posted 02 December 2009 - 11:45 AM

I did the scan normally, but it kept crashing the system, so I did it in Safe Mode.



GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-02 17:36:45
Windows 6.0.6002 Service Pack 2
Running: v9ph4zy1.exe; Driver: C:\Users\Lee\AppData\Local\Temp\kxldipow.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 84456BF8
INT 0x53 ? 8564CF00
INT 0x62 ? 84456BF8
INT 0x63 ? 84456BF8
INT 0xB3 ? 84456BF8
INT 0xB4 ? 8564CF00

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8521D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 8521D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 8521D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-6 8521D1F8
Device \Driver\atapi \Device\Ide\IdePort0 8521D1F8
Device \Driver\atapi \Device\Ide\IdePort1 8521D1F8
Device \Driver\atapi \Device\Ide\IdePort2 8521D1F8
Device \Driver\atapi \Device\Ide\IdePort3 8521D1F8
Device \Driver\atapi \Device\Ide\IdePort4 8521D1F8
Device \Driver\atapi \Device\Ide\IdePort5 8521D1F8
Device \Driver\cdrom \Device\CdRom0 85694500
Device \Driver\cdrom \Device\CdRom1 85694500
Device \Driver\iScsiPrt \Device\RaidPort0 856A01F8
Device \Driver\usbehci \Device\USBFDO-1 8567D1F8
Device \Driver\usbehci \Device\USBPDO-1 8567D1F8
Device \Driver\usbohci \Device\USBFDO-0 855D61F8
Device \Driver\usbohci \Device\USBPDO-0 855D61F8
Device \Driver\USBSTOR \Device\0000006a 856741F8
Device \Driver\USBSTOR \Device\0000006b 856741F8
Device \Driver\USBSTOR \Device\0000006c 856741F8
Device \Driver\USBSTOR \Device\0000006d 856741F8
Device \Driver\USBSTOR \Device\0000006e 856741F8
Device \Driver\volmgr \Device\HarddiskVolume1 8521B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8521B1F8
Device \Driver\volmgr \Device\HarddiskVolume3 8521B1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8521B1F8
Device \Driver\volmgr \Device\HarddiskVolume5 8521B1F8
Device \Driver\volmgr \Device\HarddiskVolume6 8521B1F8
Device \Driver\volmgr \Device\HarddiskVolume7 8521B1F8
Device \Driver\volmgr \Device\VolMgrControl 8521B1F8
Device \FileSystem\cdfs \Cdfs 856471F8
Device \FileSystem\Ntfs \Ntfs 8521E1F8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A0F13C] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A0F040] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A0F0BE] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A0F7FC] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A0F6D2] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A1F048] \SystemRoot\System32\Drivers\spoi.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7495A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7490DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74938395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7490BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7492C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7498CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74907817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74902AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxwcctdnrq.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0x34 0x12 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxwcctdnrq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0x34 0x12 0xED ...

---- Services - GMER 1.0.15 ----

Service system32\drivers\gaopdxwcctdnrq.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spoi.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8873A41B 5 Bytes JMP 8564C4E0

---- EOF - GMER 1.0.15 ----
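Reading the GMER output above by hand means matching the hidden service against the Registry section and deciding whether the kernel IAT hooks into spoi.sys belong to the same infection. The script below does that triage over the pasted text. It is an added example for this thread, not GMER's code and not a tool the helper used. SAMPLE_LOG is built from lines copied out of the log above, trimmed to the sections the script reads, with GMER's localized Windows error text rendered in English. One rule is an assumption rather than something the thread states: a randomly named sp??.sys that owns atapi's port I/O imports next to a Services\sptd key is the usual footprint of SPTD, the disc-emulation driver shipped with DAEMON Tools and Alcohol 120%, so the script marks that hook "verify" instead of "rootkit".

```python
"""Triage a GMER rootkit-scan log pasted as text (the format shown above).

Added example for this thread; not GMER's code and not the helper's tool.
It pulls out the signals a helper reads by eye: hidden services, registry
persistence for those services, kernel IAT hooks routed into a driver GMER
could not open on disk, and inline (.text) hooks.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log above, trimmed to the
# sections this script reads. The "?" line carries a Windows error message,
# which GMER prints in the system language; rendered in English here.
SAMPLE_LOG = r"""
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-02 17:36:45

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A0F13C] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A0F6D2] \SystemRoot\System32\Drivers\spoi.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A1F048] \SystemRoot\System32\Drivers\spoi.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxwcctdnrq.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

---- Services - GMER 1.0.15 ----

Service system32\drivers\gaopdxwcctdnrq.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spoi.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8873A41B 5 Bytes JMP 8564C4E0

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
IAT_RE = re.compile(r"^IAT ([^\[\s]+)\[([^!]+)!([^\]]+)\] \[([0-9A-F]+)\] (\S+)")
REG_SVC_RE = re.compile(r"^Reg HKLM\\SYSTEM\\(ControlSet\d+|CurrentControlSet)\\Services\\([^\\@\s]+)@(\w+)\s*(.*)$")
HIDDEN_SVC_RE = re.compile(r"^Service (\S+) \(\*\*\* hidden \*\*\* \) \[(\w+)\] (\S+)")
MISSING_RE = re.compile(r"^\? (\S+) .*!$")            # "? <driver> <error text> !"
INLINE_RE = re.compile(r"^\.text ([^!\s]+)!(\S+) ([0-9A-F]+) (\d+) Bytes JMP ([0-9A-F]+)")
# Assumption (heuristic, not stated in the thread): SPTD, the DAEMON Tools /
# Alcohol disc-emulation driver, installs a randomly named sp??.sys helper
# that hooks atapi's port I/O imports exactly like this. Treat as "verify".
SPTD_HELPER_RE = re.compile(r"^sp[a-z]{2}\.sys$")


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_sections(text):
    """Split the log into {section: [non-empty lines]} on GMER's '---- X - GMER' headers."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return findings as (severity, kind, detail) tuples, most serious first."""
    sections = parse_sections(text)
    findings = []

    # 1. A service present in the kernel but absent from the API view is the
    #    strongest signal GMER gives; it is what the '<-- ROOTKIT !!!' marks.
    hidden = {}  # driver basename -> service name
    for line in sections["Services"]:
        m = HIDDEN_SVC_RE.match(line)
        if m:
            path, account, svc = m.groups()
            hidden[basename(path)] = svc
            findings.append(("critical", "hidden service", f"{svc} -> {path} (runs as {account})"))

    # 2. Persistence: a Services key whose ImagePath names the hidden driver.
    sptd_present = False
    for line in sections["Registry"]:
        if "\\services\\sptd" in line.lower():
            sptd_present = True
        m = REG_SVC_RE.match(line)
        if m:
            cset, svc, value, data = m.groups()
            if value.lower() == "imagepath" and basename(data) in hidden:
                findings.append(("critical", "persistence", f"{cset}\\Services\\{svc} ImagePath = {data}"))

    # 3. Drivers GMER enumerated in memory but could not open on disk, plus inline patches.
    missing = set()
    inline_hooks = []
    for line in sections["Kernel code sections"]:
        m = MISSING_RE.match(line)
        if m:
            missing.add(basename(m.group(1)))
        m = INLINE_RE.match(line)
        if m:
            mod, func, addr, nbytes, target = m.groups()
            inline_hooks.append(("medium", "inline hook", f"{mod}!{func} @ {addr}: {nbytes}-byte JMP {target}"))

    # 4. Kernel IAT hooks, grouped by the driver that now owns the import.
    by_target = defaultdict(list)
    for line in sections["Kernel IAT/EAT"]:
        m = IAT_RE.match(line)
        if m:
            victim, exporter, func, _addr, target = m.groups()
            by_target[basename(target)].append(f"{basename(victim)}:{exporter}!{func}")
    for target, hooks in sorted(by_target.items()):
        if SPTD_HELPER_RE.match(target) and sptd_present:
            sev, note = "info", "matches SPTD helper pattern; confirm DAEMON Tools/Alcohol is installed"
        elif target in missing:
            sev, note = "high", "file not openable on disk"
        else:
            sev, note = "medium", "unexpected owner"
        findings.append((sev, "kernel IAT hook", f"{target} owns {len(hooks)} import(s) [{note}]: " + ", ".join(hooks)))

    findings.extend(inline_hooks)
    order = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for sev, kind, detail in triage(SAMPLE_LOG):
        print(f"[{sev:8}] {kind:18} {detail}")
```

Run it as a script to print the findings for the sample, or call triage() on the text of any log saved with GMER's Save... button. The hidden-service and persistence findings are what the next post acts on; a kernel IAT hook is only escalated when the owning driver is also reported as unopenable on disk and does not fit the SPTD pattern, which is the same distinction a helper draws between the gaopdx entries and spoi.sys in this log.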

#8 myrti (Malware Study Hall Admin)

Posted 02 December 2009 - 06:14 PM

Hi,

You have a rootkit infection. Please check whether ComboFix will delete it:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message; click Yes to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti


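The helper's question is whether ComboFix actually removes the hidden service, and the only honest answer comes from the registry after the reboot. The script below is an added example for this thread, not ComboFix's or the helper's code. It walks every ControlSet00N\Services key rather than only CurrentControlSet, because GMER listed the gaopdxserv.sys entry in ControlSet003 as well as the active set, and a copy left in another control set (the LastKnownGood or failed configuration) comes straight back if that configuration is ever booted. Assumptions: Windows with an elevated prompt for the registry walk, a default %SystemRoot%, and the "gaopdx" service and driver prefix taken from the GMER log above; the assessment logic itself is plain Python and is exercised on a constructed snapshot.

```python
"""Post-cleanup check for the hidden service GMER reported above.

Added example for this thread; not ComboFix's or the helper's code.
Assumptions: Windows, elevated prompt, default %SystemRoot%; the "gaopdx"
prefix comes from the GMER log above. The registry walk runs only on
Windows; assess()/check_snapshot() work on any platform.
"""
import os
import re

try:
    import winreg  # Windows only; the assessment below does not need it
except ImportError:
    winreg = None

SYSTEM_ROOT = os.environ.get("SystemRoot", r"C:\Windows")
NAME_RE = re.compile(r"^gaopdx", re.I)   # service and driver prefix from the GMER log
KERNEL_DRIVER, FS_DRIVER = 1, 2           # SERVICE_KERNEL_DRIVER, SERVICE_FILE_SYSTEM_DRIVER
BOOT_START, SYSTEM_START = 0, 1           # Start values 0 and 1, as in the GMER log


def leaf(path):
    """Last path component, independent of the host's separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def expand_image_path(image_path):
    """Map the ImagePath spellings used by driver services to an absolute path."""
    p = os.path.expandvars(image_path.strip().strip('"'))
    if p.startswith("\\??\\"):
        p = p[4:]
    low = p.lower()
    if low.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + "\\" + p[len("\\systemroot\\"):]
    elif low.lstrip("\\").startswith("system32\\"):
        p = SYSTEM_ROOT + "\\" + p.lstrip("\\")
    return p


def assess(entry):
    """entry = (control_set, name, image_path, start, type, file_exists).
    Returns the reasons it still needs attention; an empty list means clean."""
    cs, name, path, start, svc_type, exists = entry
    reasons = []
    if NAME_RE.match(name) or NAME_RE.match(leaf(path)):
        reasons.append("name matches the hidden service/driver GMER reported")
        if start in (BOOT_START, SYSTEM_START):
            reasons.append("loads at boot/system start")
    if svc_type in (KERNEL_DRIVER, FS_DRIVER) and path and not exists:
        # Registration survived but the file did not: a half-finished removal
        # or a file still hidden from the API. Either way it must be reconciled.
        reasons.append(f"driver file missing on disk: {path}")
    return [f"{cs}\\Services\\{name}: {r}" for r in reasons]


def check_snapshot(entries):
    """Assess every entry; returns {'ControlSetNNN\\Services\\name': [reasons]}."""
    out = {}
    for e in entries:
        reasons = assess(e)
        if reasons:
            out[f"{e[0]}\\Services\\{e[1]}"] = reasons
    return out


def subkeys(key):
    """winreg has no iterator for subkeys; EnumKey raises OSError at the end."""
    i = 0
    while True:
        try:
            yield winreg.EnumKey(key, i)
        except OSError:
            return
        i += 1


def collect_from_registry():
    """Snapshot of every ControlSet00N\\Services entry on this machine (Windows only)."""
    entries = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SYSTEM") as system:
        for cs in subkeys(system):
            if not re.fullmatch(r"ControlSet\d{3}", cs):
                continue
            with winreg.OpenKey(system, cs + "\\Services") as services:
                for name in subkeys(services):
                    with winreg.OpenKey(services, name) as svc:
                        vals = {}
                        for v in ("ImagePath", "Start", "Type"):
                            try:
                                vals[v] = winreg.QueryValueEx(svc, v)[0]
                            except OSError:
                                vals[v] = None
                        path = expand_image_path(vals["ImagePath"]) if vals["ImagePath"] else ""
                        entries.append((cs, name, path, vals["Start"], vals["Type"],
                                        bool(path) and os.path.exists(path)))
    return entries


if __name__ == "__main__":
    findings = check_snapshot(collect_from_registry()) if winreg else {}
    for key, reasons in findings.items():
        print(key, *reasons, sep="\n    ")
    print("clean" if not findings else f"{len(findings)} entries need attention")
```

Run it after the ComboFix reboot; a "clean" result means no service in any control set carries the gaopdx name, and no kernel driver entry points at a file that is no longer on disk. The ComboFix log that follows reports removing Service_gaopdxserv.sys and the matching Legacy_GAOPDXSERV.SYS entry, which is exactly the pair this check is meant to confirm.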

#9 leewest76 (Topic Starter)

Posted 05 December 2009 - 03:17 AM

Sorry for the delay. Had loads of work to do.
Here is the ComboFix log.


ComboFix 09-12-04.02 - Lee 05/12/2009 8:45.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1278 [GMT 1:00]
Launched from: c:\users\Lee\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\WLSetup
c:\programdata\Microsoft\WLSetup\CabLogs\Logs.CAB
c:\programdata\Microsoft\WLSetup\Logs\2008-12-16_12-04_157c-4bu3sjan.log
c:\programdata\Microsoft\WLSetup\Logs\2008-12-16_13-07_2a0-cpihua93.log
c:\programdata\Microsoft\WLSetup\Logs\2008-12-16_13-31_17b8-8b1mi8xw.log
c:\programdata\Microsoft\WLSetup\Logs\2008-12-18_14-04_d28-v3sajjcs.log
c:\programdata\Microsoft\WLSetup\Logs\2009-02-21_12-18_9d8-qd5d66ey.log
c:\programdata\Microsoft\WLSetup\Logs\2009-02-21_12-23_de0-mrmk95i4.log
c:\programdata\Microsoft\WLSetup\Logs\2009-02-21_16-43_fac-auprra2w.log
c:\programdata\Microsoft\WLSetup\Logs\2009-02-22_17-53_ce8-5nx3lco4.log
c:\programdata\Microsoft\WLSetup\Logs\2009-11-24_15-27_1860-iv7iet67.log
c:\programdata\Microsoft\WLSetup\Logs\2009-11-24_15-30_1938-7dm8icil.log
c:\recycler\S-1-5-21-1229272821-842925246-725345543-500
c:\recycler\S-1-5-21-57989841-1004336348-839522115-1004
C:\resycled
c:\users\Lee\AppData\Local\jdsfapkf_navps.dat
c:\users\Lee\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GAOPDXSERV.SYS
-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Files Created from 2009-11-05 to 2009-12-05 ))))))))))))))))))))))))))))))))))))
.

2009-12-05 07:59 . 2009-12-05 08:04 -------- d-----w- c:\users\Lee\AppData\Local\temp
2009-12-05 07:59 . 2009-12-05 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-25 16:25 . 2009-11-25 16:25 4096 d-----w- c:\program files\3GP Player 2009
2009-11-25 16:15 . 2009-11-25 16:15 -------- d-----w- c:\program files\3gp Player
2009-11-25 14:13 . 2007-11-08 15:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-11-25 14:13 . 2009-11-25 14:23 -------- d-----w- c:\users\Lee\AppData\Roaming\LG Electronics
2009-11-25 12:41 . 2009-11-25 14:12 4096 d-----w- c:\program files\LG Electronics
2009-11-25 12:39 . 2009-11-25 12:39 -------- d-----w- C:\LG_USB
2009-11-25 12:38 . 2009-10-27 21:53 55232 ----a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2009-11-25 12:38 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2009-11-25 12:38 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-11-25 12:38 . 2009-11-24 05:26 1038272 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2009-11-25 12:38 . 2009-11-24 05:20 491520 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2009-11-25 12:38 . 2009-11-19 07:28 90112 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2009-11-25 12:38 . 2009-11-04 03:57 206792 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2009-11-25 12:38 . 2009-06-15 06:21 182208 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2009-11-25 12:38 . 2009-06-15 05:30 24576 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
2009-11-25 12:38 . 2009-11-25 12:38 4096 d-----w- c:\programdata\LGMOBILEAX
2009-11-25 11:28 . 2009-11-25 11:28 4096 d-----w- c:\program files\WorldUnlock Codes Calculator
2009-11-24 14:47 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-20 20:51 . 2009-11-20 20:55 -------- d-----w- c:\users\Lee\.SunDownloadManager
2009-11-17 08:59 . 2009-05-12 10:20 173384 ----a-w- c:\windows\system32\AVLibrary.dll
2009-11-17 08:59 . 2009-11-20 08:53 -------- d-----w- c:\program files\Hide The IP 2009
2009-11-17 08:13 . 2009-11-17 08:13 165911 ----a-w- c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\uninstall.exe
2009-11-17 07:58 . 2009-11-17 08:03 14863448 ----a-w- c:\programdata\JonDoFox.paf.exe
2009-11-16 15:46 . 2009-11-16 15:46 -------- d-----w- c:\program files\ESET
2009-11-16 14:12 . 2009-11-16 14:12 -------- d-----w- c:\program files\Trend Micro
2009-11-15 09:48 . 2009-11-15 09:48 327680 ----a-w- c:\users\Lee\AppData\Local\rokhlifc.exe
2009-11-13 23:55 . 2009-11-13 23:55 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-13 14:48 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-13 14:48 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-13 14:48 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-13 14:45 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-13 14:45 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-13 14:45 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-13 14:30 . 2009-11-13 14:30 317952 ----a-w- c:\users\Lee\AppData\Local\ufesdc.exe
2009-11-13 08:38 . 2009-11-13 08:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-13 08:33 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-11-13 08:33 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-11-13 08:31 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-11-13 08:30 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-13 08:30 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-13 08:29 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-13 08:29 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-13 08:23 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-12 20:36 . 2009-11-12 20:36 357888 ----a-w- c:\users\Lee\AppData\Local\wgpyirbk.exe
2009-11-12 16:44 . 2009-11-12 16:44 -------- d-----w- c:\programdata\PopCap
2009-11-12 16:43 . 2009-11-12 16:43 -------- d-----w- c:\program files\PopCap Games
2009-11-06 15:32 . 2009-11-06 15:32 4096 d-----w- c:\program files\UnderCoverXP
2009-11-06 15:25 . 2009-11-06 15:25 4096 d-----w- c:\program files\DVDCover+

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 08:04 . 2009-02-11 09:30 4096 d-----w- c:\users\Lee\AppData\Roaming\AquarioGest Saltwater
2009-12-05 08:02 . 2008-03-20 07:30 4096 d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-05 08:00 . 2008-07-05 06:31 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-03 04:23 . 2008-04-11 07:28 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 03:45 . 2008-03-25 16:25 4096 d-----w- c:\program files\Google
2009-12-02 15:15 . 2006-11-02 15:48 49234 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-02 15:15 . 2006-11-02 15:48 11514 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-30 19:34 . 2008-10-01 17:29 4096 d-----w- c:\program files\Dofus
2009-11-27 19:18 . 2009-04-04 12:25 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-27 19:17 . 2009-04-04 12:39 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-25 14:12 . 2008-03-14 09:59 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-24 14:46 . 2008-03-18 10:05 4096 d-----w- c:\program files\Windows Live
2009-11-20 13:16 . 2009-03-31 08:23 4096 d-----w- c:\users\Lee\AppData\Roaming\FileZilla
2009-11-17 09:34 . 2008-03-24 08:40 4096 d-----w- c:\users\Lee\AppData\Roaming\uTorrent
2009-11-16 13:13 . 2009-06-18 15:35 89 ----a-w- c:\users\Lee\AppData\Local\cysso.bat
2009-11-16 08:23 . 2009-06-11 10:26 87 ----a-w- c:\users\Lee\AppData\Local\euykm.bat
2009-11-13 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 23:54 . 2009-11-13 23:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-13 23:52 . 2009-11-13 23:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 14:26 . 2008-12-16 11:28 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-13 14:24 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 20:26 . 2008-06-22 06:13 4096 d-----w- c:\program files\Call of Duty 4 - Modern Warfare
2009-11-06 07:18 . 2009-07-09 11:39 4096 d-----w- c:\program files\POI-Warner GoPal Edition
2009-11-06 07:17 . 2009-10-22 09:22 -------- d-----w- c:\program files\Jeux.fr
2009-11-02 19:42 . 2009-10-04 09:21 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 08:55 . 2009-10-28 08:54 -------- d-----w- c:\program files\SSS
2009-10-26 08:16 . 2009-10-26 08:16 425984 ----a-w- c:\users\Lee\AppData\Local\sxdiuze.exe
2009-10-25 10:57 . 2009-10-25 10:57 352256 ----a-w- c:\users\Lee\AppData\Local\bocjwcpm.exe
2009-10-23 07:36 . 2009-10-22 09:23 -------- d-----w- c:\program files\Yahoo!
2009-10-22 10:19 . 2009-08-01 14:07 8192 d-----w- c:\program files\Wakfu
2009-10-22 09:23 . 2008-09-17 11:44 -------- d-----w- c:\users\Lee\AppData\Roaming\PlayFirst
2009-10-22 09:23 . 2008-09-17 11:44 -------- d-----w- c:\programdata\PlayFirst
2009-10-22 09:23 . 2009-10-22 09:23 -------- d-----w- c:\users\Lee\AppData\Roaming\Yahoo!
2009-10-22 09:23 . 2009-10-22 09:23 -------- d-----w- c:\programdata\Oberon Media
2009-10-18 16:10 . 2009-10-18 16:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 13:25 . 2009-10-16 13:22 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 13:23 . 2009-10-16 13:22 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-16 13:22 . 2009-10-16 13:22 -------- d-----w- c:\program files\Microsoft.NET
2009-10-13 08:59 . 2008-03-14 09:56 92632 ----a-w- c:\users\Lee\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-13 08:59 . 2009-10-13 08:59 4096 d-----w- c:\program files\Poster Forge
2009-10-09 17:47 . 2009-10-09 17:47 81 --sh--r- c:\windows\CT4SET.BIN
2009-10-09 17:47 . 2009-10-09 17:47 -------- d-----w- c:\program files\Reallusion
2009-10-09 17:47 . 2009-10-09 17:47 -------- d-----w- c:\program files\Common Files\Reallusion
2009-10-09 10:43 . 2009-10-09 10:43 -------- d-----w- c:\users\Lee\AppData\Roaming\Reallusion
2009-10-09 10:36 . 2009-05-28 13:21 -------- d-----w- c:\users\Lee\AppData\Roaming\proDAD
2009-10-09 10:36 . 2009-10-09 10:36 4096 d-----w- c:\program files\LooksBuilderSE
2009-10-09 10:35 . 2009-05-28 13:19 4096 d-----w- c:\program files\Boris FX, Inc
2009-10-09 10:32 . 2008-10-08 08:24 4096 d-----w- c:\program files\Pinnacle
2009-10-09 10:20 . 2009-10-09 10:20 -------- d-----w- c:\programdata\Studio 12
2009-10-09 10:20 . 2009-10-09 10:20 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2009-10-09 10:20 . 2009-10-09 10:20 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-10-09 10:20 . 2008-10-08 07:53 -------- d-----w- c:\programdata\Pinnacle
2009-10-08 17:30 . 2009-10-02 08:10 -------- d-----w- c:\program files\WBFS
2009-10-08 17:17 . 2009-06-21 10:03 -------- d-----w- c:\program files\ArcSoft
2009-10-08 17:17 . 2009-06-21 10:04 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-10-08 17:16 . 2008-05-31 07:51 -------- d-----w- c:\program files\SlySoft
2009-10-06 18:51 . 2008-07-18 07:11 1356 ----a-w- c:\users\Lee\AppData\Local\d3d9caps.dat
2009-10-06 11:48 . 2009-10-06 11:48 -------- d-----w- c:\programdata\SlySoft
2009-10-01 01:02 . 2009-11-13 14:47 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-13 14:47 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-13 14:47 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-13 14:47 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-13 14:47 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-13 14:47 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-13 14:47 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-13 14:47 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-13 14:47 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-13 14:47 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-13 14:47 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-13 14:47 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-13 14:47 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-13 14:47 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-13 14:47 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-13 14:47 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-13 14:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-13 14:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-13 14:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-13 14:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-13 14:47 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-13 14:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-13 14:47 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-13 14:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-13 14:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-13 14:47 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-13 14:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-13 14:47 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-13 14:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-13 14:47 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-13 14:47 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-13 14:47 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-13 14:47 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-13 14:47 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-13 14:47 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-13 14:47 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-13 14:47 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-13 14:47 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-13 14:47 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-13 14:47 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-13 14:47 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-13 14:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-05-31 07:54 . 2008-05-31 07:52 24 --sh--w- c:\windows\SDA921EBD.tmp
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2009-03-22 1437696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]
"3gp Player"="c:\program files\3gp Player\3gpPlayer.exe" [2007-09-20 634368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-10 98304]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-03-10 604704]
"AsioReg"="CTASIO.DLL" - c:\windows\System32\CTASIO.DLL [2006-12-12 79872]

c:\users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AquarioGest Alarm.lnk - c:\users\Lee\AppData\Roaming\AquarioGest Saltwater\AquarioGestAlarm_EM.exe [2009-2-11 2408960]
Outil de notification Live Search.lnk - c:\users\Lee\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-9-9 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):53,c7,d4,f9,54,e7,c9,01

R1 anf0100.sys;anf0100.sys;c:\windows\System32\drivers\anf0100.sys [07/06/2009 22:47 9728]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/02/2009 10:01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/02/2009 10:01 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/02/2009 10:00 53328]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [01/07/2009 12:42 233472]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [08/06/2007 23:23 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15/09/2009 09:31 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [01/07/2009 12:42 36608]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\System32\drivers\whfltr2k.sys [25/01/2007 23:45 6784]
S2 gupdate1c9f1b9dcae1144;Service Google Update (gupdate1c9f1b9dcae1144);c:\program files\Google\Update\GoogleUpdate.exe [20/06/2009 16:14 133104]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\System32\drivers\bender.sys [04/12/2006 08:36 203264]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [18/06/2008 09:42 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/11/2009 15:47 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [30/05/2008 18:21 28224]
S3 ST330;ST330;c:\windows\System32\drivers\st330.sys [28/05/2008 20:03 30464]
S3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [28/05/2008 20:03 12672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-12-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 15:11]

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 15:14]

2009-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 15:14]

2009-12-04 c:\windows\Tasks\User_Feed_Synchronization-{6EAA344A-A211-4C47-96CD-2B905D70FE31}.job
- c:\windows\system32\msfeedssync.exe [2008-06-18 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gamenext.fr
mStart Page = hxxp://lo.st
Trusted Zone: orange.fr\www
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kc4dwnc9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-KMCONFIG - c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
HKLM-Run-TQ566808 - D:\Setup.exe
AddRemove-HijackThis - c:\users\Lee\AppData\Local\Temp\HijackThis.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-proDAD-Vitascene-1.0 - c:\program files\proDAD\Vitascene-1.0\uninstall.exe uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
AddRemove-{2375ea95-24e5-4050-acf6-191477ef7f85} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A
AddRemove-{ORAHSS}.Browser - c:\program files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 09:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8521D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x889a1d24
\Driver\ACPI -> acpi.sys @ 0x82b3dd68
\Driver\atapi -> 0x8521d1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4241853864-1532934991-865925165-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c4,27,d9,de,f7,a9,45,70,01,f4,7e,b7,81,a0,d4,34,59,5b,48,cf,ed,3f,bb,
ba,c2,41,b8,32,0f,d4,d2,ef,3b,6b,8a,d0,08,56,86,73,2f,de,00,d8,20,31,36,f5,\
"??"=hex:e1,7a,91,98,cf,b3,1e,84,8e,32,b0,e5,6a,e2,14,a1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3860)
c:\advanced wheel mouse\wh_hook.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Thomson SpeedTouch\ST330\service\st330service.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe
c:\program files\Trust\Trust R-Series Mouse\KMConfig.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files\Trust\Trust R-Series Mouse\KMProcess.exe
c:\users\Lee\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-12-05 09:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-05 08:13

Pre-Run: 59,384,283,136 bytes free
Post-Run: 59,272,982,528 bytes free

- - End Of File - - D216044BF49EEDE7FE565EF00A196201

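The Gmer section of the log above lists, for each driver object on the disk stack, the module that owns its dispatch pointer. Two of the three entries resolve to a named module (CLASSPNP.SYS, acpi.sys); the third, \Driver\atapi, points to a bare address that Gmer also reports as >>UNKNOWN<< in the "called modules" line, which is what makes that driver the suspect. The following Python script is an added example, not part of the original thread and not code from Gmer or ComboFix: it parses that block from the posted log (embedded here as constructed sample input), flags any hook whose target is unattributed or owned by a module other than the one expected, and cross-references the address with the UNKNOWN list. The EXPECTED_OWNER table is an assumption for illustration, not something the log states.

```python
import re

# Constructed sample input: the Gmer "Stealth MBR rootkit detector" section
# from the ComboFix log posted above, copied here so the script runs offline.
SAMPLE_LOG = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8521D1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x889a1d24
\Driver\ACPI -> acpi.sys @ 0x82b3dd68
\Driver\atapi -> 0x8521d1f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# Assumed table (for illustration, not taken from the log) of which kernel
# module legitimately owns each driver object's dispatch routines on a 32-bit
# Vista box; the IDE miniport atapi.sys is serviced by the port driver ataport.sys.
EXPECTED_OWNER = {
    r"\Driver\Disk": {"classpnp.sys", "disk.sys"},
    r"\Driver\ACPI": {"acpi.sys"},
    r"\Driver\atapi": {"atapi.sys", "ataport.sys"},
}

HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(.+?)\s*$")
OWNER_RE = re.compile(r"^(\S+)\s*@\s*0x([0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN\s*\[0x([0-9a-fA-F]+)\]<<")


def unknown_module_addresses(text):
    """Addresses Gmer could not map to any loaded kernel module."""
    return {int(a, 16) for a in UNKNOWN_RE.findall(text)}


def parse_hooks(text):
    """Parse the 'detected MBR rootkit hooks:' block into one dict per driver."""
    unknown = unknown_module_addresses(text)
    hooks, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("detected MBR rootkit hooks"):
            in_block = True
            continue
        if not in_block:
            continue
        m = HOOK_RE.match(line)
        if not m:
            break  # first non-hook line ends the block
        driver, target = m.groups()
        owned = OWNER_RE.match(target)
        if owned:
            module, addr = owned.group(1), int(owned.group(2), 16)
        else:
            module, addr = None, int(target, 16)  # bare address, no owning module
        hooks.append({
            "driver": driver,
            "module": module,
            "address": addr,
            "in_unknown_module": addr in unknown,
        })
    return hooks


def suspicious_hooks(text):
    """Hooks whose dispatch target is unattributed or owned by an unexpected module."""
    flagged = []
    for h in parse_hooks(text):
        expected = EXPECTED_OWNER.get(h["driver"])
        if h["module"] is None:
            h["reason"] = "dispatch target not inside any loaded module"
            flagged.append(h)
        elif expected and h["module"].lower() not in expected:
            h["reason"] = "dispatch target owned by unexpected module %s" % h["module"]
            flagged.append(h)
    return flagged


if __name__ == "__main__":
    for h in suspicious_hooks(SAMPLE_LOG):
        print("%s -> 0x%08x: %s%s" % (
            h["driver"], h["address"], h["reason"],
            " (matches >>UNKNOWN<< address)" if h["in_unknown_module"] else ""))
```

On the log above this reports only \Driver\atapi, with its target matching the UNKNOWN address. The caveat is that a hook of this kind is sampled from inside the running kernel, so the same rootkit that redirected the dispatch pointer can also hide its on-disk modification from any file check run on the live system; that is why the next step in the thread goes after a clean copy of atapi.sys rather than trusting a hash of the file currently on disk.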
#10 leewest76

leewest76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 10 December 2009 - 03:34 PM

Posted the ComboFix log like you asked, but no news for 5 days?

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:09 PM

Posted 11 December 2009 - 11:56 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

ComboFix did not take care of the rootkit. We need to find a replacement for the infected file:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

c:\users\Lee\AppData\Local\rokhlifc.exe
c:\users\Lee\AppData\Local\ufesdc.exe
c:\users\Lee\AppData\Local\cysso.bat
c:\users\Lee\AppData\Local\euykm.bat
c:\users\Lee\AppData\Local\sxdiuze.exe
c:\users\Lee\AppData\Local\bocjwcpm.exe

SRPeek::
C:\windows\system32\drivers\atapi.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please let ComboFix update itself, when it asks.

Sorry once more,
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!




#12 leewest76

leewest76
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:07:09 AM

Posted 11 December 2009 - 12:58 PM

OK, no problem about the delay. I just thought you had forgotten me, lol. Now I know you would not do that :(

OK, here is the second ComboFix log.

ComboFix 09-12-04.02 - Lee 11/12/2009 18:38.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1343 [GMT 1:00]
Launched from: c:\users\Lee\Desktop\ComboFix.exe
Command switches used :: c:\users\Lee\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Lee\AppData\Local\bocjwcpm.exe"
"c:\users\Lee\AppData\Local\cysso.bat"
"c:\users\Lee\AppData\Local\euykm.bat"
"c:\users\Lee\AppData\Local\rokhlifc.exe"
"c:\users\Lee\AppData\Local\sxdiuze.exe"
"c:\users\Lee\AppData\Local\ufesdc.exe"
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\AntiMalware
c:\programdata\Microsoft\Windows\Start Menu\Programs\AntiMalware\AntiMalware Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\AntiMalware\AntiMalware.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\AntiMalware\Uninstall AntiMalware.lnk
c:\users\Lee\AppData\Local\bocjwcpm.exe
c:\users\Lee\AppData\Local\cysso.bat
c:\users\Lee\AppData\Local\euykm.bat
c:\users\Lee\AppData\Local\rokhlifc.exe
c:\users\Lee\AppData\Local\sxdiuze.exe
c:\users\Lee\AppData\Local\ufesdc.exe

.
((((((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 ))))))))))))))))))))))))))))))))))))
.

2009-12-11 17:47 . 2009-12-11 17:48 -------- d-----w- c:\users\Lee\AppData\Local\temp
2009-12-11 17:47 . 2009-12-11 17:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-11 17:47 . 2009-12-11 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-11 13:04 . 2009-12-11 13:05 4096 d-----w- c:\program files\3GP Player 2009
2009-12-11 11:50 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 11:50 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 11:50 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 21:10 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-10 21:01 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-12-10 21:01 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-12-10 21:01 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 21:01 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-10 21:01 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-10 21:00 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 10:47 . 2009-12-09 10:47 -------- d-----w- c:\users\Lee\AppData\Roaming\Thinstall
2009-12-09 10:47 . 2009-12-09 10:47 -------- d-----w- c:\program files\CBS Software
2009-12-09 08:30 . 2008-01-28 13:31 6780240 ----a-w- c:\users\Lee\AppData\Roaming\TomTom\HOME\Profiles\q28ngmtt.default\extensions\Navcore.7.163.8493@tomtom.com\7-163-8493-3.dll
2009-12-09 07:36 . 2009-12-09 07:36 -------- d-----w- c:\programdata\TomTom
2009-12-09 07:35 . 2009-12-09 07:35 -------- d-----w- c:\users\Lee\AppData\Roaming\TomTom
2009-12-09 07:35 . 2009-12-09 07:35 -------- d-----w- c:\users\Lee\AppData\Local\TomTom
2009-11-25 14:13 . 2007-11-08 15:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-11-25 14:13 . 2009-11-25 14:23 4096 d-----w- c:\users\Lee\AppData\Roaming\LG Electronics
2009-11-25 12:41 . 2009-11-25 14:12 4096 d-----w- c:\program files\LG Electronics
2009-11-25 12:39 . 2009-11-25 12:39 -------- d-----w- C:\LG_USB
2009-11-25 12:38 . 2009-10-27 21:53 55232 ----a-w- c:\programdata\LGMOBILEAX\LGMLauncher.exe
2009-11-25 12:38 . 2006-05-04 07:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2009-11-25 12:38 . 2005-10-04 00:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-11-25 12:38 . 2009-11-24 05:26 1038272 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGUserCSTool.exe
2009-11-25 12:38 . 2009-11-24 05:20 491520 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMUpgradeDL.dll
2009-11-25 12:38 . 2009-11-19 07:28 90112 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDL.dll
2009-11-25 12:38 . 2009-11-04 03:57 206792 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CAppUninstall.exe
2009-11-25 12:38 . 2009-06-15 06:21 182208 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
2009-11-25 12:38 . 2009-06-15 05:30 24576 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\LGMobileDLRapi.dll
2009-11-25 12:38 . 2009-11-25 12:38 4096 d-----w- c:\programdata\LGMOBILEAX
2009-11-24 14:47 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-20 20:51 . 2009-11-20 20:55 4096 d-----w- c:\users\Lee\.SunDownloadManager
2009-11-17 08:59 . 2009-05-12 10:20 173384 ----a-w- c:\windows\system32\AVLibrary.dll
2009-11-17 08:59 . 2009-11-20 08:53 4096 d-----w- c:\program files\Hide The IP 2009
2009-11-17 08:13 . 2009-11-17 08:13 165911 ----a-w- c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\uninstall.exe
2009-11-17 07:58 . 2009-11-17 08:03 14863448 ----a-w- c:\programdata\JonDoFox.paf.exe
2009-11-16 14:12 . 2009-11-16 14:12 -------- d-----w- c:\program files\Trend Micro
2009-11-13 23:55 . 2009-11-13 23:55 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-13 14:48 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-13 14:48 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-13 14:48 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-13 14:45 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-13 14:45 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-13 14:45 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-13 08:38 . 2009-11-13 08:38 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-13 08:32 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-11-13 08:32 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-11-13 08:32 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-13 08:32 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-13 08:32 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-13 08:32 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-13 08:32 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-13 08:32 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-13 08:32 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-13 08:32 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-11-13 08:32 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-13 08:32 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-11-13 08:30 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-13 08:30 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-13 08:29 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-13 08:29 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-11-13 08:23 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-12 20:36 . 2009-11-12 20:36 357888 ----a-w- c:\users\Lee\AppData\Local\wgpyirbk.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 17:30 . 2008-03-20 07:30 4096 d-----w- c:\program files\SpeedBit Video Accelerator
2009-12-11 17:27 . 2008-07-05 06:31 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-11 12:43 . 2006-11-02 15:48 49234 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-11 12:43 . 2006-11-02 15:48 11514 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-11 12:02 . 2009-02-11 09:30 4096 d-----w- c:\users\Lee\AppData\Roaming\AquarioGest Saltwater
2009-12-11 06:19 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-12-05 23:09 . 2009-04-04 12:39 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-05 19:38 . 2009-04-04 12:25 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-12-05 19:36 . 2009-03-31 08:23 4096 d-----w- c:\users\Lee\AppData\Roaming\FileZilla
2009-12-03 04:23 . 2008-04-11 07:28 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 03:45 . 2008-03-25 16:25 4096 d-----w- c:\program files\Google
2009-11-30 19:34 . 2008-10-01 17:29 4096 d-----w- c:\program files\Dofus
2009-11-25 14:12 . 2008-03-14 09:59 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-24 14:46 . 2008-03-18 10:05 4096 d-----w- c:\program files\Windows Live
2009-11-17 09:34 . 2008-03-24 08:40 4096 d-----w- c:\users\Lee\AppData\Roaming\uTorrent
2009-11-13 23:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-13 23:54 . 2009-11-13 23:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-13 23:52 . 2009-11-13 23:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 14:26 . 2008-12-16 11:28 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-12 20:26 . 2008-06-22 06:13 4096 d-----w- c:\program files\Call of Duty 4 - Modern Warfare
2009-11-06 15:32 . 2009-11-06 15:32 4096 d-----w- c:\program files\UnderCoverXP
2009-11-06 15:25 . 2009-11-06 15:25 4096 d-----w- c:\program files\DVDCover+
2009-11-06 07:18 . 2009-07-09 11:39 4096 d-----w- c:\program files\POI-Warner GoPal Edition
2009-11-06 07:17 . 2009-10-22 09:22 -------- d-----w- c:\program files\Jeux.fr
2009-11-02 19:42 . 2009-10-04 09:21 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-28 08:55 . 2009-10-28 08:54 -------- d-----w- c:\program files\SSS
2009-10-23 07:36 . 2009-10-22 09:23 -------- d-----w- c:\program files\Yahoo!
2009-10-22 10:19 . 2009-08-01 14:07 8192 d-----w- c:\program files\Wakfu
2009-10-22 09:23 . 2008-09-17 11:44 -------- d-----w- c:\users\Lee\AppData\Roaming\PlayFirst
2009-10-22 09:23 . 2008-09-17 11:44 -------- d-----w- c:\programdata\PlayFirst
2009-10-22 09:23 . 2009-10-22 09:23 -------- d-----w- c:\users\Lee\AppData\Roaming\Yahoo!
2009-10-22 09:23 . 2009-10-22 09:23 -------- d-----w- c:\programdata\Oberon Media
2009-10-18 16:10 . 2009-10-18 16:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 13:25 . 2009-10-16 13:22 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 13:23 . 2009-10-16 13:22 4096 d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-16 13:22 . 2009-10-16 13:22 -------- d-----w- c:\program files\Microsoft.NET
2009-10-13 08:59 . 2008-03-14 09:56 92632 ----a-w- c:\users\Lee\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 17:47 . 2009-10-09 17:47 81 --sh--r- c:\windows\CT4SET.BIN
2009-10-06 18:51 . 2008-07-18 07:11 1356 ----a-w- c:\users\Lee\AppData\Local\d3d9caps.dat
2009-10-01 01:02 . 2009-11-13 14:47 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-13 14:47 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-13 14:47 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-13 14:47 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-13 14:47 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-13 14:47 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-13 14:47 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-13 14:47 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-13 14:47 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-13 14:47 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-13 14:47 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-13 14:47 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-13 14:47 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-13 14:47 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-13 14:47 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-13 14:47 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-13 14:47 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-13 14:47 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-13 14:47 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-13 14:47 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-13 14:47 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-13 14:47 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-13 14:47 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-13 14:47 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-13 14:47 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-13 14:47 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-13 14:47 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-13 14:47 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-13 14:47 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-13 14:47 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-13 14:47 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-13 14:47 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-13 14:47 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-13 14:47 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-13 14:47 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-13 14:47 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-13 14:47 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-13 14:47 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-13 14:47 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-13 14:47 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-13 14:47 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-13 14:47 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-13 14:47 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-04-11 15:22 . 2009-04-11 15:22 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
2002-07-26 15:02 . 2008-10-08 08:54 153088 ----a-w- c:\program files\UNWISE.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-05-31 07:54 . 2008-05-31 07:52 24 --sh--w- c:\windows\SDA921EBD.tmp
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"IpSharkk"="c:\program files\IpSharkk\IpSharkk.exe" [2009-03-22 1437696]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-10 98304]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-03-10 604704]
"AsioReg"="CTASIO.DLL" - c:\windows\System32\CTASIO.DLL [2006-12-12 79872]

c:\users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AquarioGest Alarm.lnk - c:\users\Lee\AppData\Roaming\AquarioGest Saltwater\AquarioGestAlarm_EM.exe [2009-2-11 2408960]
Outil de notification Live Search.lnk - c:\users\Lee\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-9-9 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-4 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:(:53,c7,d4,f9,54,e7,c9,01

R1 anf0100.sys;anf0100.sys;c:\windows\System32\drivers\anf0100.sys [07/06/2009 22:47 9728]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08/02/2009 10:01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08/02/2009 10:01 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08/02/2009 10:00 53328]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [01/07/2009 12:42 233472]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [08/06/2007 23:23 208896]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [15/09/2009 09:31 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [01/07/2009 12:42 36608]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\System32\drivers\whfltr2k.sys [25/01/2007 23:45 6784]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [11/04/2008 10:54 717296]
S2 gupdate1c9f1b9dcae1144;Service Google Update (gupdate1c9f1b9dcae1144);c:\program files\Google\Update\GoogleUpdate.exe [20/06/2009 16:14 133104]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\System32\drivers\bender.sys [04/12/2006 08:36 203264]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [18/06/2008 09:42 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [24/11/2009 15:47 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [30/05/2008 18:21 28224]
S3 ST330;ST330;c:\windows\System32\drivers\st330.sys [28/05/2008 20:03 30464]
S3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [28/05/2008 20:03 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2009-12-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-20 15:11]

2009-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 15:14]

2009-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-20 15:14]

2009-12-11 c:\windows\Tasks\User_Feed_Synchronization-{6EAA344A-A211-4C47-96CD-2B905D70FE31}.job
- c:\windows\system32\msfeedssync.exe [2008-06-18 07:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://start.gamenext.fr
mStart Page = hxxp://lo.st
Trusted Zone: orange.fr\www
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\kc4dwnc9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 18:48
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-4241853864-1532934991-865925165-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c4,27,d9,de,f7,a9,45,70,01,f4,7e,b7,81,a0,d4,34,59,5b,48,cf,ed,3f,bb,
ba,c2,41,b8,32,0f,d4,d2,ef,3b,6b,8a,d0,08,56,86,73,2f,de,00,d8,20,31,36,f5,\
"??"=hex:e1,7a,91,98,cf,b3,1e,84,8e,32,b0,e5,6a,e2,14,a1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-12-11 18:51
ComboFix-quarantined-files.txt 2009-12-11 17:51
ComboFix2.txt 2009-12-05 08:14

Avant-CF: 58 052 575 232 octets libres
Après-CF: 58 036 097 024 octets libres

- - End Of File - - 2435B3353AA0898C4FAAF1674A526729

#13 myrti

  • Malware Study Hall Admin

Posted 11 December 2009 - 01:19 PM

Hi,

How is your PC behaving now?

Please run a scan with mbr:
  • Go to Start > Run and type: cmd.exe
  • Press OK.
  • At the command prompt type: c:\mbr.exe -t >>"C:\mbr.log"
  • Press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#14 leewest76

  • Topic Starter

Posted 14 December 2009 - 10:20 AM

Hi, I try to enter c:\mbr.exe -t >>"C:\mbr.log" into cmd.exe
and I get: c:\mbr.exe -t >>"C:\mbr.log" is not recognized as an internal or external command, operable program or batch file. This is when run as admin.

#15 myrti

  • Malware Study Hall Admin

Posted 15 December 2009 - 10:43 AM

Hi,

Sorry, that was a mix-up. Please try the following command instead:

mbr.exe -t > "C:\mbr.log"

This should create the log in C:\ as described earlier.

Regards, myrti





