Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with WindowsDiagnostic


  • This topic is locked This topic is locked
25 replies to this topic

#1 jeanpierrre

jeanpierrre

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 16 March 2011 - 05:12 PM

Hello,

I used Malwarebytes'Antimalware and perform the scan, completed successfully.
I removed the listed malware but a message said "some files has not been removed".
The MBAM log is available.
Conclusion : Still no access to HDD, to all programs, to internet favorites. For my documents, I discovered they were "hidden files" : cancelling that, I have now full access to my documents.

Today, I followed the instructions for Malware Removal Tools and Requesting help with no problem except to create a GMER log.
I unchecked the requested settings in the main GMER window and start the scan for rootkits but the process stopped after some time : activity is no longer shown in the bottom line of the window. I have tried several times waiting and being patient but never the process comes to the end !

Many thanks for considering my request.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by MARIE at 16:15:31,31 on mer. 16/03/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.32.1036.18.1023.476 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\beidservicecrl.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MARIE\Bureau\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.skynet.be/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.shscomputer.be/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album edition découverte\3.2\apps\apdproxy.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\marie\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Search
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: dexia.be\directnet
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217010061682&h=9826a0cb0d4e9265bdb488f33cdadbc7/&filename=jinstall-6u7-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://belgacom.extrafilm.be/ImageUploader4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-12 11608]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-15 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-4-19 394952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-12 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-12 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-12 61960]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [2007-2-19 225280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-11 133104]
S3 Boonty Games;Boonty Games;c:\program files\fichiers communs\boonty shared\service\Boonty.exe [2006-12-16 69120]
S3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [2007-2-19 331776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-5 14336]
S3 UXDCMN;UXDCMN;\??\d:\winstress 2004\uxdcmn.sys --> d:\winstress 2004\UXDCMN.SYS [?]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
.
=============== Created Last 30 ================
.
2011-03-15 20:54:33 -------- d-----w- c:\docume~1\marie\applic~1\Malwarebytes
2011-03-15 20:53:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 20:53:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-15 20:53:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 20:53:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 12:04:35 -------- d--h--w- c:\docume~1\marie\applic~1\Avira
2011-03-09 16:22:22 -------- d--h--w- c:\docume~1\marie\locals~1\applic~1\Temp
.
==================== Find3M ====================
.
2007-01-26 21:10:48 774144 ---ha-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 16:16:45,70 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 16 March 2011 - 05:24 PM

Hello jeanpierrre,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.



Download them in Normal Mode. Then please run these tools in Safemode.

Now reboot into Safe Mode with Networking.
This can be done tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option with networking support.
Please see here for additional details.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


Things to include in your next reply::
Tdsskiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 17 March 2011 - 12:24 PM

Hello fireman4it,
I am very happy to receive your quick answer with new guidelines.Please consider that my mother language is French so that it takes time to me when reading or writing in English. But anyway, that will go : Your instructions are very clear and complete.
I send your the the first file with TDDSkiller log : nothing was found.

For the second step, I have some hesitation to start because I am not sure Avira antivirus is disable. In Safe mode with networking, I can not see the icon of Avira (the umbrella) on the bottom line of the screen. How can I verify it is rea

#4 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 17 March 2011 - 12:29 PM

Hello fireman4it,

Sorry I made something wrong and my reply was sent uncomplete !

.....How can I verify Avira is really closed ?

Many thanks.

2011/03/17 17:49:31.0015 0384 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/17 17:49:31.0375 0384 ================================================================================
2011/03/17 17:49:31.0375 0384 SystemInfo:
2011/03/17 17:49:31.0375 0384
2011/03/17 17:49:31.0375 0384 OS Version: 5.1.2600 ServicePack: 2.0
2011/03/17 17:49:31.0375 0384 Product type: Workstation
2011/03/17 17:49:31.0375 0384 ComputerName: BUREAU
2011/03/17 17:49:31.0375 0384 UserName: JEAN-PIERRE
2011/03/17 17:49:31.0375 0384 Windows directory: C:\WINDOWS
2011/03/17 17:49:31.0375 0384 System windows directory: C:\WINDOWS
2011/03/17 17:49:31.0375 0384 Processor architecture: Intel x86
2011/03/17 17:49:31.0375 0384 Number of processors: 1
2011/03/17 17:49:31.0375 0384 Page size: 0x1000
2011/03/17 17:49:31.0375 0384 Boot type: Safe boot with network
2011/03/17 17:49:31.0375 0384 ================================================================================
2011/03/17 17:49:31.0718 0384 Initialize success
2011/03/17 17:50:28.0421 0416 ================================================================================
2011/03/17 17:50:28.0421 0416 Scan started
2011/03/17 17:50:28.0421 0416 Mode: Manual;
2011/03/17 17:50:28.0421 0416 ================================================================================
2011/03/17 17:50:30.0734 0416 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/17 17:50:31.0109 0416 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/17 17:50:31.0718 0416 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/03/17 17:50:32.0093 0416 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/03/17 17:50:34.0156 0416 ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/17 17:50:36.0000 0416 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/17 17:50:37.0093 0416 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/17 17:50:37.0437 0416 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/17 17:50:37.0953 0416 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/17 17:50:38.0281 0416 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/17 17:50:38.0421 0416 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/03/17 17:50:38.0843 0416 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/17 17:50:39.0203 0416 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/17 17:50:39.0500 0416 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/17 17:50:39.0875 0416 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/17 17:50:40.0171 0416 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/17 17:50:40.0687 0416 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/17 17:50:40.0984 0416 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/17 17:50:41.0281 0416 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/17 17:50:43.0015 0416 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/17 17:50:43.0484 0416 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/17 17:50:44.0015 0416 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/17 17:50:44.0375 0416 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/17 17:50:44.0734 0416 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/17 17:50:45.0171 0416 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/17 17:50:45.0500 0416 ENTECH (bdd170fecb0e496a914318009d85b819) C:\WINDOWS\system32\DRIVERS\ENTECH.SYS
2011/03/17 17:50:45.0843 0416 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/17 17:50:46.0203 0416 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/17 17:50:46.0531 0416 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/17 17:50:46.0906 0416 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/17 17:50:47.0218 0416 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/17 17:50:47.0609 0416 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/17 17:50:47.0890 0416 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/17 17:50:48.0265 0416 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/03/17 17:50:48.0625 0416 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/17 17:50:48.0921 0416 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/17 17:50:49.0281 0416 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/17 17:50:49.0578 0416 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/17 17:50:50.0250 0416 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/17 17:50:51.0140 0416 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/17 17:50:51.0531 0416 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/17 17:50:51.0921 0416 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/03/17 17:50:52.0296 0416 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/03/17 17:50:52.0593 0416 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/03/17 17:50:52.0921 0416 incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys
2011/03/17 17:50:54.0531 0416 IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/17 17:50:56.0093 0416 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/17 17:50:56.0406 0416 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/17 17:50:56.0625 0416 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/17 17:50:56.0890 0416 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/17 17:50:57.0312 0416 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/17 17:50:57.0609 0416 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/03/17 17:50:57.0921 0416 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/17 17:50:58.0265 0416 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/03/17 17:50:58.0593 0416 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/17 17:50:58.0890 0416 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/17 17:50:59.0203 0416 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/17 17:50:59.0546 0416 KLIF (2cf7c3dd0102a32a680ef97f3b1c861a) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/03/17 17:50:59.0906 0416 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/17 17:51:00.0281 0416 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/17 17:51:00.0953 0416 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/17 17:51:01.0265 0416 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/17 17:51:01.0546 0416 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/17 17:51:01.0843 0416 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/17 17:51:02.0156 0416 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/17 17:51:02.0812 0416 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/17 17:51:03.0218 0416 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/17 17:51:03.0703 0416 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/17 17:51:04.0031 0416 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/17 17:51:04.0234 0416 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/17 17:51:04.0500 0416 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/17 17:51:04.0828 0416 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/17 17:51:05.0187 0416 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/17 17:51:05.0500 0416 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/03/17 17:51:05.0828 0416 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/17 17:51:06.0156 0416 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/17 17:51:06.0578 0416 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/17 17:51:06.0984 0416 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/17 17:51:07.0250 0416 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/17 17:51:07.0546 0416 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/17 17:51:07.0859 0416 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/17 17:51:08.0171 0416 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/17 17:51:08.0515 0416 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/17 17:51:08.0875 0416 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/17 17:51:09.0281 0416 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/17 17:51:09.0718 0416 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/17 17:51:10.0125 0416 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/17 17:51:10.0609 0416 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/03/17 17:51:10.0890 0416 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/17 17:51:12.0093 0416 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/17 17:51:13.0375 0416 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/03/17 17:51:13.0703 0416 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/03/17 17:51:14.0015 0416 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/17 17:51:14.0312 0416 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/17 17:51:14.0640 0416 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/17 17:51:15.0000 0416 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/17 17:51:15.0296 0416 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/17 17:51:15.0546 0416 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/17 17:51:15.0875 0416 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/17 17:51:16.0453 0416 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/17 17:51:16.0734 0416 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/17 17:51:17.0109 0416 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/17 17:51:19.0031 0416 Point32 (3b6973d60bde757c53bb76842d31318e) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/03/17 17:51:19.0343 0416 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/17 17:51:19.0609 0416 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/03/17 17:51:19.0890 0416 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/17 17:51:20.0234 0416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/17 17:51:20.0562 0416 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/17 17:51:21.0937 0416 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/17 17:51:22.0171 0416 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/03/17 17:51:22.0406 0416 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/17 17:51:22.0609 0416 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/17 17:51:22.0843 0416 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/17 17:51:23.0203 0416 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/17 17:51:23.0531 0416 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/17 17:51:23.0843 0416 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/17 17:51:24.0218 0416 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/17 17:51:24.0515 0416 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/17 17:51:24.0953 0416 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/17 17:51:25.0281 0416 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/17 17:51:25.0609 0416 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/17 17:51:25.0953 0416 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/17 17:51:26.0406 0416 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/17 17:51:27.0015 0416 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/17 17:51:27.0343 0416 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/17 17:51:27.0656 0416 srescan (ec4240c219452982a02391e2599ad043) C:\WINDOWS\system32\ZoneLabs\srescan.sys
2011/03/17 17:51:28.0093 0416 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/17 17:51:28.0515 0416 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/17 17:51:28.0828 0416 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/17 17:51:29.0125 0416 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/17 17:51:29.0421 0416 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/17 17:51:30.0671 0416 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/17 17:51:31.0078 0416 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/17 17:51:31.0421 0416 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/17 17:51:31.0703 0416 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/17 17:51:32.0015 0416 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/17 17:51:32.0312 0416 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/03/17 17:51:32.0875 0416 tosporte (e46fb54be8a2a395fe96633b838baafe) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/03/17 17:51:33.0203 0416 Tosrfbd (07fb801d43f3ece221d4a33fda485bc2) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/03/17 17:51:33.0593 0416 Tosrfbnp (fe200eece7521061cdad658c6ee4f341) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/03/17 17:51:33.0953 0416 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/03/17 17:51:34.0250 0416 Tosrfhid (37bcbccc4a71abbeaee90fd25e1132b2) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/03/17 17:51:34.0578 0416 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/03/17 17:51:34.0906 0416 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/03/17 17:51:35.0250 0416 Tosrfusb (65598d886bdaeae0c1d3cddc454c8383) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/03/17 17:51:35.0578 0416 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/17 17:51:36.0218 0416 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/17 17:51:36.0687 0416 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/17 17:51:37.0015 0416 USBCCID (290127a6c8a2a719f21c6afa1c90f51c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
2011/03/17 17:51:37.0343 0416 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/17 17:51:37.0671 0416 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/17 17:51:38.0000 0416 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/17 17:51:38.0281 0416 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/17 17:51:38.0609 0416 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/17 17:51:38.0984 0416 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/03/17 17:51:39.0562 0416 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/17 17:51:39.0875 0416 vsdatant (f08178af47f7a2abfab0a4f5fc5c885f) C:\WINDOWS\system32\vsdatant.sys
2011/03/17 17:51:40.0406 0416 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/17 17:51:40.0890 0416 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/03/17 17:51:41.0625 0416 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/17 17:51:42.0062 0416 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/17 17:51:42.0437 0416 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/17 17:51:42.0796 0416 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/17 17:51:43.0890 0416 ================================================================================
2011/03/17 17:51:43.0890 0416 Scan finished
2011/03/17 17:51:43.0890 0416 ================================================================================
2011/03/17 17:56:10.0656 0380 Deinitialize success

#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 17 March 2011 - 05:10 PM

Hello,

It is ok. Combofix will tell you if Avira is running. If so just ignore the warning and run Combofix,

Edited by fireman4it, 17 March 2011 - 05:11 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 18 March 2011 - 07:42 AM

Hello,

Avira was running butI ignored the warning, as you said.

Combofix started the scan and announced a ten minutes waiting or the double if more infected.
After more than 2 hours the yellow prompt is still blinking but no other activity is visible.
Did the computer stall ? How to get out ? or wait more ?
I take no action and I am posting from another computer.

Should I maybe uninstall the Avira antivirus and restart the combofix later ?

Again thanks for your

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 18 March 2011 - 09:42 AM

Hello,

Where you running Combofix in safemode? You can hard restart your computer and boot into safemode and try and run Combofix again.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 18 March 2011 - 02:18 PM

Hello,

I run Combofix a second time without success but the third time after suppressing Avira program the scan went thru 50 steps and eliminated several files and directories. After automatic restart a log was issued and is posted hereunder.

Now my machine is running but has still most of the problemes discribed : from disk C:/ I just see a few directories in general empty and marked read only, the list of program is not accessible from the start button, internat favorites have not been recovered..
But the programs are still there and operational : I am able to open Microsoft office files for example.

Have a nice day.

ComboFix 11-03-17.02 - JEAN-PIERRE 18/03/2011 18:33:29.1.1 - x86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.32.1036.18.1023.818 [GMT 1:00]
Lancé depuis: c:\documents and settings\JEAN-PIERRE\Bureau\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\JEAN-PIERRE\Application Data\inst.exe
c:\documents and settings\JEAN-PIERRE\Bureau\Windows Diagnostic.lnk
c:\documents and settings\JEAN-PIERRE\Menu Démarrer\Programmes\Windows Diagnostic
c:\documents and settings\JEAN-PIERRE\Menu Démarrer\Programmes\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\documents and settings\JEAN-PIERRE\Menu Démarrer\Programmes\Windows Diagnostic\Windows Diagnostic.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\system\Color
c:\windows\system32\winspool.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-18 au 2011-03-18 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-17 16:25 . 2011-03-17 16:31 -------- d-----w- c:\documents and settings\MARIE\Application Data\U3
2011-03-17 16:21 . 2011-03-17 16:21 -------- d-----w- c:\documents and settings\Administrateur
2011-03-17 10:02 . 2011-03-17 10:05 -------- d-----w- c:\documents and settings\MARIE\Application Data\vlc
2011-03-16 12:54 . 2011-03-16 12:54 -------- d-----w- c:\documents and settings\JEAN-PIERRE\Application Data\Malwarebytes
2011-03-15 20:54 . 2011-03-15 20:54 -------- d-----w- c:\documents and settings\MARIE\Application Data\Malwarebytes
2011-03-15 20:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 20:53 . 2011-03-15 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-15 20:53 . 2011-03-15 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 20:53 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:15 . 2011-03-15 14:15 -------- d--h--r- c:\documents and settings\LocalService\Mes documents
2011-03-15 12:50 . 2011-03-15 12:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-15 11:10 . 2011-03-15 11:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-09 16:22 . 2011-03-09 16:22 -------- d--h--w- c:\documents and settings\MARIE\Local Settings\Application Data\Temp
2011-03-05 14:32 . 2011-03-05 14:32 -------- d--h--w- c:\documents and settings\JEAN-PIERRE\Local Settings\Application Data\PackageAware
2011-03-05 13:29 . 2011-03-05 13:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-05 13:28 . 2011-03-05 13:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\NOS
2011-03-05 13:28 . 2011-03-05 13:28 -------- d--h--w- c:\program files\NOS
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-01-26 21:10 . 2007-01-26 21:10 774144 ---ha-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
.
c:\documents and settings\MARIE\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]
.
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-7-7 491520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [19/02/2007 15:16 225280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/08/2009 16:29 133104]
S3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [19/02/2007 15:16 331776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [5/08/2004 13:00 14336]
S3 UXDCMN;UXDCMN;\??\d:\winstress 2004\UXDCMN.SYS --> d:\winstress 2004\UXDCMN.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
2011-03-01 c:\windows\Tasks\cleanprefetch.job
- c:\windows\cleanprefetch.bat [2008-06-19 14:16]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 15:29]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 15:29]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.skynet.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: dexia.be
Trusted Zone: dexia.be\www
Trusted Zone: globecharge.com\www
Trusted Zone: meccano-mr-productions.com\www
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-ngfsVpIvCm - c:\documents and settings\All Users\Application Data\ngfsVpIvCm.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 18:59
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3593720343-4090279988-222283444-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(2504)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\fxssvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-03-18 19:04:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-18 18:04
.
Avant-CF: 112.058.966.016 octets libres
Après-CF: 112.783.884.288 octets libres
.
- - End Of File - - 9AC6C4E235725E1D7C10B09CAB375B41

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 18 March 2011 - 03:45 PM

Hello,

Your log looks pretty good. Lets do some cleanup of leftovers and final checking.


from disk C:/ I just see a few directories in general empty and marked read only, the list of program is not accessible from the start button, internat favorites have not been recovered..


We will see if we can fix this. We may not be able to recover internet favorites


1.
Lets find out if your favorites file exists.

Go to Start>Search and select Files and Folders. Type favorites into the Named box and click Search.

There are three possibilities at this point:

1. You find the Favorites folder, double click to open it and determine that the Favorites are still lost.
2. You find the Favorites folder, and the Favorites are not missing from it.
3. You do not find the Favorites folder.

Please tell me which of these applies to your situation.

2.
Now we will try to fix your All programs situation.
Go to Start>> Run
In the box Copy and paste the following
regsvr32 /i shell32.dll
Now click OK
Restart your machine.
All programs working now?

3.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\Tasks\cleanprefetch.job
c:\windows\cleanprefetch.bat 

Domains::

DDS::
uStart Page = hxxp://www.skynet.be/
uInternet Settings,ProxyOverride = *.local
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab

Driver::
UXDCMN

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Reglockdel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

4.
Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

5.
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Things to include in your next reply::
Answers to questions from 1 and 2
Combofix.txt
MBAM log
Eset log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 19 March 2011 - 07:57 AM

Hello fireman4it,

Hereunder are the results of the requested actions.

1. I do not find the favorites folder. However the new added favorites are shown under the favorites menu.
2. All programs are not working after running regsvr32...

ComboFix 11-03-17.02 - JEAN-PIERRE 18/03/2011 23:06:54.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.32.1036.18.1023.664 [GMT 1:00]
Lancé depuis: c:\documents and settings\JEAN-PIERRE\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\JEAN-PIERRE\Bureau\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\cleanprefetch.bat"
"c:\windows\Tasks\cleanprefetch.job"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\cleanprefetch.bat
c:\windows\Tasks\cleanprefetch.job
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UXDCMN
-------\Service_UXDCMN
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-02-18 au 2011-03-18 ))))))))))))))))))))))))))))))))))))
.
.
2011-03-18 19:28 . 2011-03-04 15:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-18 19:28 . 2011-03-04 13:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-18 19:28 . 2010-06-17 13:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-18 19:28 . 2010-06-17 13:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-18 19:28 . 2011-03-18 19:28 -------- d-----w- c:\program files\Avira
2011-03-18 19:28 . 2011-03-18 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-17 16:25 . 2011-03-17 16:31 -------- d-----w- c:\documents and settings\MARIE\Application Data\U3
2011-03-17 16:21 . 2011-03-17 16:21 -------- d-----w- c:\documents and settings\Administrateur
2011-03-17 10:02 . 2011-03-17 10:05 -------- d-----w- c:\documents and settings\MARIE\Application Data\vlc
2011-03-16 12:54 . 2011-03-16 12:54 -------- d-----w- c:\documents and settings\JEAN-PIERRE\Application Data\Malwarebytes
2011-03-15 20:54 . 2011-03-15 20:54 -------- d-----w- c:\documents and settings\MARIE\Application Data\Malwarebytes
2011-03-15 20:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-15 20:53 . 2011-03-15 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-15 20:53 . 2011-03-15 20:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 20:53 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 14:15 . 2011-03-15 14:15 -------- d--h--r- c:\documents and settings\LocalService\Mes documents
2011-03-15 12:50 . 2011-03-15 12:50 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-03-15 11:10 . 2011-03-15 11:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-09 16:22 . 2011-03-09 16:22 -------- d--h--w- c:\documents and settings\MARIE\Local Settings\Application Data\Temp
2011-03-05 14:32 . 2011-03-05 14:32 -------- d--h--w- c:\documents and settings\JEAN-PIERRE\Local Settings\Application Data\PackageAware
2011-03-05 13:29 . 2011-03-05 13:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-05 13:28 . 2011-03-05 13:28 -------- d--h--w- c:\documents and settings\All Users\Application Data\NOS
2011-03-05 13:28 . 2011-03-05 13:28 -------- d--h--w- c:\program files\NOS
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-01-26 21:10 . 2007-01-26 21:10 774144 ---ha-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
.
c:\documents and settings\MARIE\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]
.
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-7-7 491520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18/03/2011 20:28 135336]
R2 eID CRL Service;eID CRL Service;c:\windows\system32\beidservicecrl.exe [19/02/2007 15:16 225280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/08/2009 16:29 133104]
S3 eID Privacy Service;eID Privacy Service;c:\windows\system32\beidservicepcsc.exe [19/02/2007 15:16 331776]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [5/08/2004 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contenu du dossier 'Tâches planifiées'
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 15:29]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 15:29]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 23:22
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-3593720343-4090279988-222283444-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1888)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\fxssvc.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2011-03-18 23:27:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-03-18 22:27
ComboFix2.txt 2011-03-18 18:04
.
Avant-CF: 112.452.370.432 octets libres
Après-CF: 112.495.886.336 octets libres
.
- - End Of File - - 14F58EBCD914B7B001B4AF79476EEC6A




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6104

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

19/03/2011 9:18:11
mbam-log-2011-03-19 (09-18-11).txt

Scan type: Quick scan
Objects scanned: 168362
Time elapsed: 7 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=96c746188cc4f04190da9ce66d5d4617
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-19 11:25:39
# local_time=2011-03-19 12:25:39 (+0100, Paris, Madrid)
# country="Belgium"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 155089245 155089245 0 0
# compatibility_mode=1797 16775141 100 93 43931 37061968 45166 0
# compatibility_mode=8192 67108863 100 0 3816 3816 0 0
# compatibility_mode=9217 16777213 100 64 84409616 102962209 0 0
# scanned=90623
# found=3
# cleaned=0
# scan_time=8523
C:\Documents and Settings\JEAN-PIERRE\Mes documents\Téléchargements\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\JEAN-PIERRE\Mes documents\Téléchargements\zlsSetup_70_462_000_fr.exe a variant of Win32/AdInstaller application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{A4962250-2361-4BCE-AC0B-F41F52D5B9FF}\RP1301\A0263637.exe a variant of Win32/Adware.WhenU.AA application (unable to clean) 00000000000000000000000000000000 I



Status of the machine : the problems are not yet fix, no improvement since yesterday.
Disk C: can not be explored , most files and folders not visible.
Thru the configuration panel, I can see my programs but not access them. But he programs run normally when I ask to open a file linked to a given program.


Thanks for your help

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 19 March 2011 - 10:13 AM

Hello,

We will try a couple other things and get a deeper look into your machine maybe it will tell us something.


1.
IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan. Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and any online activities which require a username and password. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:[quote]Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system[/quote]Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.[quote]The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

Because your computer was compromised please read:
2.
Go to Start>>Run
In the command box copy and paste each line then click Enter after each one

c:\> attrib -r -s -h autorun.inf

c:\> del autorun.inf

d:\> attrib -r -s -h autorun.inf

d:\> del autorun.inf


Now restart your machine and see if you can access Drive C:\


3.
Go here and see if this applies to you.



4.
  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


Things to include in your next reply:
Can you Access your C:\ Drive?
OTL.txt
Extra.txt

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 19 March 2011 - 12:03 PM

Hello,


I did not find the drive C: with the run command (still no access) and neither the drive D: which however is accessible !
If re-installing the system should be decided, could the drive D : receive a copy of my documents,music, e-mails,... in security ?
My first idea if my computer is really in bad and dangerous situation was to try to see if a restore point created automatically by Windows XP before the infection is available ?
I have still to examine the update from microsoft regarding start/all programs which is actually empty except two new one added.

Thanks a lot




OTL logfile created on: 19/03/2011 17:09:31 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JEAN-PIERRE\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1.023,00 Mb Total Physical Memory | 569,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 104,73 Gb Free Space | 70,27% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 139,02 Gb Free Space | 93,27% Space Free | Partition Type: NTFS

Computer Name: BUREAU | User Name: JEAN-PIERRE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | -H-- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/06/13 14:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/16 10:45:30 | 000,063,712 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
PRC - [2007/02/19 15:16:40 | 000,225,280 | -H-- | M] ( Zetes) -- C:\WINDOWS\system32\beidservicecrl.exe
PRC - [2006/03/23 17:06:50 | 001,398,272 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2006/03/23 17:06:38 | 000,880,128 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
MOD - [2006/08/25 16:51:12 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/02 10:57:54 | 000,052,288 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/10/16 00:40:40 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/12/13 18:27:10 | 000,075,304 | -H-- | M] (Zone Labs, LLC) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/02/19 15:16:40 | 000,225,280 | -H-- | M] ( Zetes) [Auto | Running] -- C:\WINDOWS\system32\beidservicecrl.exe -- (eID CRL Service)
SRV - [2007/02/19 15:16:20 | 000,331,776 | -H-- | M] (Zetes) [On_Demand | Stopped] -- C:\WINDOWS\system32\beidservicepcsc.exe -- (eID Privacy Service)
SRV - [2006/08/01 17:13:52 | 000,119,800 | -H-- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2006/08/01 17:11:44 | 001,156,096 | -H-- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2006/03/23 17:06:38 | 000,880,128 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/04/04 00:41:10 | 000,069,632 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/12/13 18:27:14 | 000,394,952 | -H-- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/10/18 19:18:44 | 000,051,176 | -H-- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 14:10:28 | 000,127,768 | -H-- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/04/17 09:31:26 | 004,262,912 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/23 17:15:58 | 000,102,016 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/03/23 17:15:56 | 000,033,536 | -H-- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/03/23 17:15:56 | 000,029,440 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/09/22 09:34:18 | 003,727,680 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/13 16:32:00 | 000,034,816 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/08/26 21:10:20 | 000,108,672 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/07/29 10:11:04 | 000,012,928 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 10:11:02 | 000,034,048 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/27 17:48:08 | 000,053,504 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2005/04/06 08:54:44 | 000,050,048 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/30 11:42:54 | 000,047,230 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/06 12:42:42 | 000,018,612 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/04 09:33:02 | 000,062,799 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/04 00:08:22 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/07/08 16:07:34 | 000,036,531 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/03/19 05:34:54 | 000,027,136 | RH-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2002/10/16 12:55:48 | 000,002,851 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/17 23:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22:51:32 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/defaultf.aspx?lang=fr-be&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-be
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 4B 45 58 0B E6 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/18 23:21:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217010061682&h=9826a0cb0d4e9265bdb488f33cdadbc7/&filename=jinstall-6u7-windows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} http://belgacom.extrafilm.be/ImageUploader4.cab (Image Uploader)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Polynsie.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Polynsie.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/19 09:38:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 17:03:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
[2011/03/19 13:08:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/19 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/19 09:01:55 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\mbam-setup.exe
[2011/03/18 23:27:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/18 22:48:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/03/18 20:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira
[2011/03/18 20:28:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/03/18 20:28:10 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/18 20:28:10 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/18 20:28:10 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/03/18 20:28:10 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/03/18 20:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/18 20:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/18 11:07:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/18 11:02:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/18 11:02:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/18 11:02:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/18 11:02:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/18 11:01:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/18 11:00:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/17 17:31:04 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\tdsskiller.exe
[2011/03/16 13:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Malwarebytes
[2011/03/15 21:53:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/15 21:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/03/15 21:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/15 21:53:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/15 21:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/15 21:07:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JEAN-PIERRE\Recent
[2011/03/15 13:54:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/15 13:50:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/05 15:32:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JEAN-PIERRE\Local Settings\Application Data\PackageAware
[2011/03/05 14:29:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/05 14:28:43 | 000,000,000 | -H-D | C] -- C:\Program Files\NOS
[2011/03/05 14:28:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/07/09 19:50:57 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\JEAN-PIERRE\Application Data\pcouffin.sys
[2007/01/26 22:10:51 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/19 17:10:50 | 188,528,672 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
[2011/03/19 16:54:00 | 000,001,064 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/19 15:54:00 | 000,001,060 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/19 13:16:27 | 000,081,858 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/19 13:15:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/19 13:15:46 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 13:13:47 | 002,210,984 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/03/19 09:06:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/19 09:01:55 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\mbam-setup.exe
[2011/03/18 23:21:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/18 20:28:34 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/03/18 20:25:42 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\avira_antivir_personal_en.exe
[2011/03/18 18:30:27 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/18 18:27:37 | 004,289,870 | R--- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\ComboFix.exe
[2011/03/18 18:27:37 | 004,289,870 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\ComboFix.exe
[2011/03/18 11:07:30 | 000,000,332 | -HS- | M] () -- C:\boot.ini
[2011/03/17 16:50:38 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\tdsskiller.exe
[2011/03/17 09:35:32 | 000,045,056 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/16 16:02:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/15 21:53:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Malwarebytes' Anti-Malware.lnk
[2011/03/15 20:49:29 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17817396r
[2011/03/15 20:49:29 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17817396
[2011/03/15 20:12:13 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~38002484r
[2011/03/15 20:12:13 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~38002484
[2011/03/15 20:07:14 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\38002484
[2011/03/15 18:01:08 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\17817396
[2011/03/15 16:03:58 | 000,347,818 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Réactiver le gestionnaire des tâches - Zebulon_fr.mht
[2011/03/12 20:03:28 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/10 17:41:31 | 004,774,118 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Es war kein Handspiel.avi
[2011/03/10 15:02:27 | 000,000,770 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Google Maps.url
[2011/03/05 14:57:53 | 000,000,569 | -H-- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/03 11:52:59 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/02/26 11:40:14 | 003,875,986 | R--- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Nouveau Dossier compressé.zip
[2011/02/22 10:08:11 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 09:06:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/18 20:28:34 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/03/18 20:25:42 | 051,349,520 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\avira_antivir_personal_en.exe
[2011/03/18 18:58:37 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 18:28:40 | 004,289,870 | R--- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\ComboFix.exe
[2011/03/18 18:27:27 | 004,289,870 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\ComboFix.exe
[2011/03/18 11:07:30 | 000,000,216 | -HS- | C] () -- C:\Boot.bak
[2011/03/18 11:07:27 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/03/18 11:02:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/18 11:02:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/18 11:02:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/18 11:02:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/18 11:02:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/15 21:53:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Malwarebytes' Anti-Malware.lnk
[2011/03/15 20:07:21 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~38002484r
[2011/03/15 20:07:21 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~38002484
[2011/03/15 20:07:14 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\38002484
[2011/03/15 16:03:47 | 000,347,818 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Réactiver le gestionnaire des tâches - Zebulon_fr.mht
[2011/03/15 12:24:41 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17817396r
[2011/03/15 12:24:40 | 000,000,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17817396
[2011/03/15 12:23:30 | 000,000,392 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17817396
[2011/03/10 17:41:30 | 004,774,118 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Es war kein Handspiel.avi
[2011/03/05 14:48:04 | 000,002,315 | -H-- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
[2011/02/26 11:37:54 | 003,875,986 | R--- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Nouveau Dossier compressé.zip
[2010/11/25 17:28:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/19 12:34:05 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/02 22:59:58 | 000,052,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/28 13:07:31 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/08/28 13:07:31 | 000,002,413 | -H-- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/08/27 21:33:08 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/27 20:27:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/07/20 21:16:29 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/07/09 19:53:22 | 000,000,107 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Printer.ini
[2009/07/09 19:50:57 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Application Data\pcouffin.cat
[2009/07/09 19:50:57 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Application Data\pcouffin.inf
[2008/11/21 22:47:52 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/23 09:40:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/14 19:45:43 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2008/07/12 13:13:58 | 188,528,672 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/06/30 11:06:26 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\mdm.ini
[2007/11/26 20:50:39 | 000,332,208 | -H-- | C] () -- C:\WINDOWS\C4DLL.dll
[2007/07/21 14:20:26 | 000,108,032 | -H-- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2007/06/23 19:36:41 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/13 10:47:23 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\XRUNX.BIN
[2007/05/13 10:47:22 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2007/05/13 10:43:07 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\XXXProgress.dll
[2007/05/13 10:42:19 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD-Start.INI
[2007/03/31 15:41:13 | 000,021,904 | -H-- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2007/03/31 15:41:13 | 000,017,808 | -H-- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2007/03/11 21:15:16 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\INTER.INI
[2007/02/09 21:05:24 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006/12/06 21:31:03 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/27 13:37:43 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/26 22:15:48 | 000,796,584 | -H-- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/11/21 17:19:42 | 000,003,712 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/21 09:47:14 | 000,045,056 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/16 17:53:26 | 000,000,042 | -H-- | C] () -- C:\WINDOWS\promedia.INI
[2006/09/30 12:27:28 | 000,003,972 | -H-- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/09/30 12:21:53 | 000,040,960 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/30 12:19:06 | 000,004,714 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/09/30 12:19:04 | 000,005,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/08/11 20:45:20 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:10 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 20:43:00 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 20:43:00 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 20:43:00 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 20:43:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 20:43:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 20:43:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 20:43:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 20:43:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 20:43:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/04/19 11:29:39 | 000,004,205 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/19 11:28:39 | 000,237,552 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/19 09:48:52 | 000,000,482 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/19 09:45:53 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/19 09:44:45 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/04/19 09:42:00 | 000,000,498 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/19 09:41:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/19 09:36:09 | 000,021,892 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/22 11:56:08 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\beidcsp.dll
[2005/09/16 07:14:36 | 000,135,168 | RH-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/06/22 21:54:30 | 004,202,496 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt334.dll
[2004/12/02 14:20:16 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 09:09:06 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/05 13:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 13:00:00 | 000,502,032 | -H-- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 13:00:00 | 000,433,698 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 13:00:00 | 000,322,810 | -H-- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 13:00:00 | 000,081,378 | -H-- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 13:00:00 | 000,067,984 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 13:00:00 | 000,034,108 | -H-- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 13:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 13:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 13:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/05 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 16:04:02 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 14:33:26 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/07/24 20:21:08 | 000,345,088 | -H-- | C] () -- C:\WINDOWS\System32\renMM.dll
[2002/09/18 14:14:56 | 000,274,432 | -H-- | C] () -- C:\WINDOWS\System32\therename.dll
[2002/09/18 14:13:58 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\renogg.dll
[1999/01/22 19:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2008/06/10 20:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2009/08/28 13:07:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/07/12 13:10:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/12/26 21:33:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
[2007/08/18 21:58:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/28 21:27:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/11 20:23:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/01 20:26:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 22:49:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/15 15:21:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/18 18:17:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\beid-cache
[2008/03/13 20:26:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\FlowPlay
[2007/04/04 21:27:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Hulabee
[2007/06/21 17:14:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Leadertech
[2009/08/28 21:44:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\LG Electronics
[2009/08/06 22:37:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 13:00:00 | 018,779,217 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 13:00:00 | 018,779,217 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/05 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:33:34 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll
[2009/02/06 19:46:49 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:49 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 03:33:40 | 000,187,392 | -H-- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | -H-- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFE8F97

< End of report >


OTL Extras logfile created on: 19/03/2011 17:09:31 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JEAN-PIERRE\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1.023,00 Mb Total Physical Memory | 569,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 104,73 Gb Free Space | 70,27% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 139,02 Gb Free Space | 93,27% Space Free | Partition Type: NTFS

Computer Name: BUREAU | User Name: JEAN-PIERRE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [THE Rename] -- "C:\Program Files\THE Rename\rename.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E1DEFF-23D0-43BE-84C0-D1C25B8847B9}" = Nain jaune
"{04C2D8AE-A345-47B7-81A9-8156BD13CEFF}_is1" = Jewel Quest (Iwin) fr
"{13609B61-1672-4AC1-9CA2-EACEA5BEA078}_is1" = Big Money fr
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{159A625F-5B09-4B98-A8B5-9933962727CB}" = Belgium e-ID middleware 3.5 Sdk (build 4417)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38CEB5E4-8F71-44C8-8D19-AD1045D9A50C}" = Kit de préinstallation OEM Windows
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4983AA07-81D0-4605-BF92-49A343056DC8}" = Conseiller de mise à niveau vers Windows 7
"{4E63A075-4252-48C4-AFEB-3E13C8424426}" = Super Casse-briques 3
"{518E7702-18C9-4CF7-9BC2-EEEA9E252763}" = OpenOffice.org 2.0
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Utilitaire de sauvegarde Windows
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Edition Découverte 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Français
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{AF7C627C-F354-4FF1-8450-398C806B436E}" = Power IEv3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite 2007.SP1 (Win64/32/CE)
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Sitecom Europe
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E50DCA1D-24A3-4417-A807-D7DD554C130E}_is1" = Stitch Blazing Lasers fr
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA248851-A7D5-4906-8C46-A3CA267F6A24}" = Belgium Identity Card Run-time 2.6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FDE9FC7A-BF6D-4347-850D-05A16E6FEE17}" = Belgacom Genius
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Edition Découverte 3.2" = Adobe® Photoshop® Album Edition Découverte 3.2
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"AGFAnet Print Service" = AGFAnet Print Service
"AnarkClient40" = Anark Client 4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Désinstalleur" = Désinstalleur
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Capture" = FastStone Capture 5.2
"Free Mahjong Planet_is1" = Free Mahjong Planet
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxi Puzzles_is1" = Maxi Puzzles
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoneyMania_is1" = MoneyMania version 1.51
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"New 7 Wonders 3D Screensaver_is1" = New 7 Wonders 3D Screensaver v. 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Play Mahjong Forever_is1" = Play Mahjong Forever
"rayman2" = rayman2
"RealArcade 1.2" = RealArcade
"Recovery Toolbox for Outlook Express_is1" = Recovery Toolbox for Outlook Express 1.1
"Secrets of the Seas_is1" = Secrets of the Seas fr
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Super Jeux de Lettres" = Micro Application - Super Jeux de Lettres
"Super Patiences et Réussites" = Micro Application - Super Patiences et Réussites
"THE Rename_is1" = THE Rename 2.1.6
"The Secrets of Da Vinci_is1" = The Secrets of Da Vinci fr
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"VLC media player" = VLC media player 1.0.3
"VSO PhotoDVD_is1" = PhotoDVD 2.6.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{EA248851-A7D5-4906-8C46-A3CA267F6A24}" = Belgium Identity Card Run-time 2.6

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/03/2011 11:35:02 | Computer Name = BUREAU | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1947675332.

Error - 15/03/2011 11:37:15 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 12:48:13 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 17817396.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 12:48:57 | Computer Name = BUREAU | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs -1947675332.

Error - 15/03/2011 12:54:03 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 17817396.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 15:08:11 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 38002484.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 15:10:50 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 38002484.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 15:13:00 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 38002484.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 15:47:47 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 17817396.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/03/2011 15:51:07 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée 17817396.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 18/03/2011 13:19:37 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Fips KLIF Processor Tosrfcom

Error - 18/03/2011 13:21:26 | Computer Name = BUREAU | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18/03/2011 13:30:47 | Computer Name = BUREAU | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18/03/2011 13:31:43 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Fips KLIF Processor Tosrfcom

Error - 18/03/2011 13:56:43 | Computer Name = BUREAU | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18/03/2011 17:52:33 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7034
Description = Le service NVIDIA Display Driver Service s'est terminé de façon inattendue
pour la 1ème fois.

Error - 18/03/2011 18:06:32 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7034
Description = Le service Smart Card s'est terminé de façon inattendue pour la 1ème
fois.

Error - 18/03/2011 18:17:06 | Computer Name = BUREAU | Source = PlugPlayManager | ID = 11
Description = Le périphérique Root\LEGACY_UXDCMN\0000 a disparu du système sans
que sa suppression ait tout d'abord été préparée.

Error - 18/03/2011 18:20:33 | Computer Name = BUREAU | Source = Print | ID = 19
Description = Échec du partage de l'imprimante + 1722, Imprimante PDFCreator nom
de partage PDFCreator.

Error - 19/03/2011 3:30:11 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7034
Description = Le service NVIDIA Display Driver Service s'est terminé de façon inattendue
pour la 1ème fois.


< End of report >

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 19 March 2011 - 01:31 PM

Hello,

could the drive D : receive a copy of my documents,music, e-mails,... in security ?

If you decide to reformat and reinstall you will have to save all that information on a external drive or USB.

You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions . Then make sure you scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.

Note:
Again, do not back up any data with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.


My first idea if my computer is really in bad and dangerous situation was to try to see if a restore point created automatically by Windows XP before the infection is available ?

The restore point would also contain the infection.

Here is a few more options to try and get your c:/ drive back.

1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component
    [2011/03/15 20:49:29 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17817396r
    [2011/03/15 20:49:29 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17817396
    [2011/03/15 20:12:13 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~38002484r
    [2011/03/15 20:12:13 | 000,000,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~38002484
    [2011/03/15 20:07:14 | 000,000,328 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\38002484
    [2011/03/15 18:01:08 | 000,000,392 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\17817396
    [2008/06/10 20:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
    [2009/07/11 20:23:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CFE8F97
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.


2.
We need to check your hard disk for errors.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take along time to complete, but let it finish.

3.
You may have corrupt critical system files. Let's see if we can fix that.

1. Click Start
2. Click Run
  • Type in sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
  • If any files require replacing SFC will replace them. You may be asked to insert your Window XP CD for this process to continue. This can be done with a borrowed CD if you don't have one.
  • Be patient because the scan may take some time.
  • Allow the scan to run and when completed, reboot the system.

4.
1. Click Start
2. Right Click My Computer
3. Select Explore
4. At the top Click Tools
5. Click Folder Options
6. Click Restore Defaults

5.
  • 1. Double click on the Posted Image icon on your desktop.
    2. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    3. Push the Quick Scan button.
    4. One report will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened


Things to include in your next reply::
OTL fix txt

OTL.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#14 jeanpierrre

jeanpierrre
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 20 March 2011 - 03:11 AM

Hello,

Regarding the corrective microsoft for access to my program, it requires XP SP3. I do not know if I should update from SP2 in actual circumstances ?


After fixing with OTL, the only change was : all the icons which were on my desktop prior the infection are back.
No other improvement after doing the last options received from you.

Have a good sunday,

jeanpierre



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
C:\Program Files\Google\Google Toolbar\Component folder moved successfully.
C:\Documents and Settings\All Users\Application Data\~17817396r moved successfully.
C:\Documents and Settings\All Users\Application Data\~17817396 moved successfully.
C:\Documents and Settings\All Users\Application Data\~38002484r moved successfully.
C:\Documents and Settings\All Users\Application Data\~38002484 moved successfully.
C:\Documents and Settings\All Users\Application Data\38002484 moved successfully.
C:\Documents and Settings\All Users\Application Data\17817396 moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\TDM - The Secrets of Da Vinci folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Stitch’s Blazing Lasers folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Jewel Quest (Iwin) - NS BB - Multi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY folder moved successfully.
C:\Documents and Settings\All Users\Application Data\vsosdk folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CFE8F97 deleted successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 03192011_204132



OTL logfile created on: 20/03/2011 7:37:28 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JEAN-PIERRE\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

1.023,00 Mb Total Physical Memory | 542,00 Mb Available Physical Memory | 53,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 104,30 Gb Free Space | 69,98% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 139,02 Gb Free Space | 93,27% Space Free | Partition Type: NTFS

Computer Name: BUREAU | User Name: JEAN-PIERRE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
PRC - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | -H-- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007/06/13 14:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/16 10:45:30 | 000,063,712 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
PRC - [2007/02/19 15:16:40 | 000,225,280 | -H-- | M] ( Zetes) -- C:\WINDOWS\system32\beidservicecrl.exe
PRC - [2006/03/23 17:06:50 | 001,398,272 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2006/03/23 17:06:38 | 000,880,128 | -H-- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/08/05 13:00:00 | 000,060,416 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
MOD - [2006/08/25 16:51:12 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/04 14:37:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/02 10:57:54 | 000,052,288 | -H-- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/10/16 00:40:40 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/12/13 18:27:10 | 000,075,304 | -H-- | M] (Zone Labs, LLC) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/02/19 15:16:40 | 000,225,280 | -H-- | M] ( Zetes) [Auto | Running] -- C:\WINDOWS\system32\beidservicecrl.exe -- (eID CRL Service)
SRV - [2007/02/19 15:16:20 | 000,331,776 | -H-- | M] (Zetes) [On_Demand | Stopped] -- C:\WINDOWS\system32\beidservicepcsc.exe -- (eID Privacy Service)
SRV - [2006/08/01 17:13:52 | 000,119,800 | -H-- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2006/08/01 17:11:44 | 001,156,096 | -H-- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2006/03/23 17:06:38 | 000,880,128 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/04/04 00:41:10 | 000,069,632 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/12/13 18:27:14 | 000,394,952 | -H-- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/10/18 19:18:44 | 000,051,176 | -H-- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/07/19 14:10:28 | 000,127,768 | -H-- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/04/17 09:31:26 | 004,262,912 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/23 17:15:58 | 000,102,016 | -H-- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2006/03/23 17:15:56 | 000,033,536 | -H-- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/03/23 17:15:56 | 000,029,440 | -H-- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/09/22 09:34:18 | 003,727,680 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/13 16:32:00 | 000,034,816 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/08/26 21:10:20 | 000,108,672 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2005/07/29 10:11:04 | 000,012,928 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 10:11:02 | 000,034,048 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/27 17:48:08 | 000,053,504 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2005/04/06 08:54:44 | 000,050,048 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/03/30 11:42:54 | 000,047,230 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2005/01/06 12:42:42 | 000,018,612 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/10/04 09:33:02 | 000,062,799 | -H-- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2004/08/04 00:08:22 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/07/08 16:07:34 | 000,036,531 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/03/19 05:34:54 | 000,027,136 | RH-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2002/10/16 12:55:48 | 000,002,851 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2001/08/17 23:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22:51:32 | 000,018,688 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/defaultf.aspx?lang=fr-be&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-be
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 4B 45 58 0B E6 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/03/18 23:21:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217010061682&h=9826a0cb0d4e9265bdb488f33cdadbc7/&filename=jinstall-6u7-windows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} http://belgacom.extrafilm.be/ImageUploader4.cab (Image Uploader)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Polynsie.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Polynsie.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/19 09:38:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 03:00:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/19 21:26:16 | 000,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/03/19 21:26:12 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/03/19 21:25:53 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/03/19 21:25:47 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/03/19 21:24:53 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/03/19 21:24:49 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/03/19 21:24:36 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/03/19 21:24:12 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/03/19 21:23:55 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/03/19 21:23:51 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/03/19 21:23:47 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/03/19 21:23:43 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/03/19 21:23:38 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/03/19 21:23:31 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/03/19 21:23:27 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/03/19 21:23:10 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/03/19 21:22:55 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/03/19 21:22:52 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/03/19 21:22:48 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/03/19 21:22:39 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/03/19 21:22:18 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/03/19 21:22:04 | 000,212,480 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/03/19 21:22:00 | 000,216,576 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/03/19 21:21:44 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/03/19 21:21:41 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/03/19 21:21:38 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/03/19 21:21:34 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/03/19 21:21:31 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/03/19 21:21:27 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/03/19 21:20:54 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/03/19 21:20:48 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/03/19 21:20:44 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/03/19 21:20:43 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/03/19 21:20:38 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/03/19 21:20:35 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/03/19 21:20:18 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/03/19 21:20:15 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/03/19 21:19:32 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/03/19 21:19:29 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/03/19 21:19:26 | 000,286,848 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/03/19 21:19:22 | 000,017,024 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/03/19 21:19:15 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/03/19 21:18:51 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/03/19 21:18:21 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/03/19 21:18:17 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/03/19 21:18:14 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/03/19 21:18:10 | 000,036,937 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/03/19 21:18:07 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/03/19 21:17:40 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/03/19 21:17:38 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/03/19 21:17:34 | 000,095,114 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/03/19 21:17:28 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/03/19 21:16:49 | 000,161,664 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/03/19 21:16:46 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/03/19 21:16:43 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/03/19 21:16:40 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/03/19 21:16:10 | 000,017,536 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/03/19 21:16:03 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/03/19 21:16:00 | 000,024,064 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/03/19 21:15:43 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/03/19 21:15:40 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/03/19 21:15:37 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/03/19 21:15:34 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/03/19 21:15:31 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/03/19 21:15:28 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/03/19 21:15:26 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/03/19 21:15:23 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/03/19 21:15:20 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/03/19 21:15:13 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/03/19 21:15:10 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/03/19 21:15:06 | 000,026,624 | ---- | C] (RICOH Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/03/19 21:15:03 | 000,025,088 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/03/19 21:14:50 | 000,010,240 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/03/19 21:14:41 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/03/19 21:14:37 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/03/19 21:14:33 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/03/19 21:14:15 | 000,715,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/03/19 21:14:12 | 000,899,914 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/03/19 21:13:40 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/03/19 21:13:37 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/03/19 21:13:34 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/03/19 21:13:23 | 000,016,512 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/03/19 21:12:32 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/03/19 21:12:21 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/03/19 21:12:20 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/03/19 21:12:17 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/03/19 21:11:37 | 000,054,954 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/03/19 21:11:32 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/03/19 21:11:27 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/03/19 21:10:55 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/03/19 21:10:39 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/03/19 21:10:36 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/03/19 21:10:28 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/03/19 21:10:14 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/03/19 21:10:12 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/03/19 21:10:03 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/03/19 21:10:00 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/03/19 21:09:57 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/03/19 21:09:55 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/03/19 21:09:52 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/03/19 21:09:49 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/03/19 21:09:41 | 000,076,928 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/03/19 21:09:38 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/03/19 21:09:36 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/03/19 21:09:33 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/03/19 21:09:30 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/03/19 21:08:12 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/03/19 21:07:33 | 000,165,066 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/03/19 21:07:09 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/03/19 21:07:07 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/03/19 21:07:05 | 000,422,528 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/03/19 21:07:02 | 000,607,452 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/03/19 21:07:02 | 000,577,514 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/03/19 21:07:00 | 000,728,554 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/03/19 21:06:51 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/03/19 21:06:48 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/03/19 21:06:45 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/03/19 21:06:42 | 000,016,384 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/03/19 21:06:37 | 000,026,922 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/03/19 21:06:34 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/03/19 21:05:39 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/03/19 21:04:49 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/03/19 21:02:36 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/03/19 21:02:27 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/03/19 21:01:53 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/03/19 21:01:51 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/03/19 21:01:48 | 000,017,664 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/03/19 21:01:32 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/03/19 21:01:22 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/03/19 21:01:20 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/03/19 21:01:16 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/03/19 21:01:14 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/03/19 21:01:12 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/03/19 21:01:10 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/03/19 21:00:54 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/03/19 21:00:50 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/03/19 21:00:48 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/03/19 20:59:17 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/03/19 20:59:10 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/03/19 20:58:59 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/03/19 20:58:57 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/03/19 20:58:56 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/03/19 20:58:51 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/03/19 20:58:50 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/03/19 20:58:48 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/03/19 20:58:44 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/03/19 20:58:22 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/03/19 20:58:21 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/03/19 20:58:17 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/03/19 20:57:49 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/03/19 20:57:48 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/03/19 20:57:47 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/03/19 20:57:46 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/03/19 20:57:45 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/03/19 20:57:44 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/03/19 20:57:43 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/03/19 20:57:42 | 000,252,416 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/03/19 20:57:34 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/03/19 20:57:14 | 000,020,864 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/03/19 20:57:02 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/03/19 20:56:51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/03/19 20:56:50 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/03/19 20:56:50 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/03/19 20:56:49 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/03/19 20:56:48 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/03/19 20:56:43 | 000,715,466 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/03/19 20:56:43 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/03/19 20:56:42 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/03/19 20:56:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/03/19 20:56:38 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/03/19 20:56:37 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/03/19 20:56:03 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/03/19 20:56:02 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/03/19 20:56:02 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/03/19 20:56:01 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/03/19 20:56:01 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/03/19 20:56:00 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/03/19 20:55:59 | 000,039,808 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/03/19 20:55:59 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/03/19 20:55:56 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/03/19 20:55:56 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/03/19 20:55:55 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/03/19 20:55:54 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/03/19 20:55:53 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/03/19 20:55:53 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/03/19 20:55:52 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/03/19 20:55:51 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/03/19 20:55:51 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/03/19 20:55:50 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/03/19 20:55:47 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/03/19 20:55:42 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/03/19 20:55:42 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/03/19 20:55:41 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/03/19 20:55:41 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/03/19 20:55:40 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/03/19 20:55:39 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/03/19 20:55:39 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/03/19 20:54:59 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/03/19 20:54:53 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/03/19 20:54:30 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/03/19 20:54:29 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/03/19 20:54:29 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/03/19 20:54:29 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/03/19 20:54:28 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/03/19 20:54:26 | 000,061,952 | ---- | C] (Scanneur à plat couleur) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/03/19 20:54:21 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/03/19 20:54:21 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/03/19 20:54:16 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/03/19 20:54:16 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/03/19 20:54:15 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/03/19 20:41:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/19 20:19:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
[2011/03/19 18:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Avira
[2011/03/19 17:03:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\OTL.exe
[2011/03/19 13:08:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/19 10:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/19 09:01:55 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\mbam-setup.exe
[2011/03/18 23:27:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/18 22:48:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/03/18 20:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira
[2011/03/18 20:28:14 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/03/18 20:28:10 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/18 20:28:10 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/18 20:28:10 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/03/18 20:28:10 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/03/18 20:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/18 20:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/03/18 11:07:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/18 11:02:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/18 11:02:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/18 11:02:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/18 11:02:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/18 11:01:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/18 11:00:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/17 17:31:04 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\tdsskiller.exe
[2011/03/16 13:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Malwarebytes
[2011/03/15 21:53:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/15 21:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/03/15 21:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/15 21:53:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/15 21:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/15 21:07:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JEAN-PIERRE\Recent
[2011/03/15 13:54:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/15 13:50:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/05 15:32:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JEAN-PIERRE\Local Settings\Application Data\PackageAware
[2011/03/05 14:29:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/05 14:28:43 | 000,000,000 | -H-D | C] -- C:\Program Files\NOS
[2011/03/05 14:28:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/07/09 19:50:57 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\JEAN-PIERRE\Application Data\pcouffin.sys
[2007/01/26 22:10:51 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/20 07:38:43 | 188,735,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2011/03/20 07:32:03 | 000,081,858 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/20 07:31:54 | 000,001,060 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/20 06:54:15 | 000,001,064 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/20 01:48:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/20 01:48:05 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 21:41:23 | 002,213,744 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\OTL.exe
[2011/03/19 17:03:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JEAN-PIERRE\Bureau\OTL.exe
[2011/03/19 09:06:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/19 09:01:55 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\mbam-setup.exe
[2011/03/18 23:21:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/18 20:28:34 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/03/18 20:25:42 | 051,349,520 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\avira_antivir_personal_en.exe
[2011/03/18 18:30:27 | 000,012,598 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/18 18:27:37 | 004,289,870 | R--- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\ComboFix.exe
[2011/03/18 18:27:37 | 004,289,870 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\ComboFix.exe
[2011/03/18 11:07:30 | 000,000,332 | -HS- | M] () -- C:\boot.ini
[2011/03/17 16:50:38 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\tdsskiller.exe
[2011/03/17 09:35:32 | 000,045,056 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/16 16:02:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/15 21:53:45 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Malwarebytes' Anti-Malware.lnk
[2011/03/15 16:03:58 | 000,347,818 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Réactiver le gestionnaire des tâches - Zebulon_fr.mht
[2011/03/12 20:03:28 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/10 17:41:31 | 004,774,118 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Es war kein Handspiel.avi
[2011/03/10 15:02:27 | 000,000,770 | -H-- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Google Maps.url
[2011/03/05 14:57:53 | 000,000,569 | -H-- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/03/03 11:52:59 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2011/02/26 11:40:14 | 003,875,986 | R--- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Nouveau Dossier compressé.zip
[2011/02/26 11:35:18 | 000,566,081 | ---- | M] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\[Windows XP] Points de restauration.mht
[2011/02/22 10:08:11 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/19 21:26:09 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/03/19 21:26:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/03/19 21:13:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/03/19 21:13:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/03/19 21:11:35 | 000,044,297 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/03/19 21:08:25 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/03/19 21:04:56 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2011/03/19 21:02:34 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/03/19 21:02:29 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/03/19 21:02:25 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/03/19 21:02:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/03/19 21:02:16 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/03/19 20:58:55 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/03/19 20:58:54 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/03/19 20:58:53 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/03/19 20:58:49 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/03/19 20:55:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/03/19 20:55:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/03/19 20:55:26 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/03/19 20:55:24 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/03/19 20:55:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/03/19 20:55:23 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/03/19 20:55:22 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/03/19 20:55:22 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/03/19 20:55:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/03/19 20:55:11 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/03/19 18:38:29 | 000,566,081 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\[Windows XP] Points de restauration.mht
[2011/03/19 09:06:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/03/18 20:28:34 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/03/18 20:25:42 | 051,349,520 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\avira_antivir_personal_en.exe
[2011/03/18 18:58:37 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/18 18:28:40 | 004,289,870 | R--- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\ComboFix.exe
[2011/03/18 18:27:27 | 004,289,870 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\ComboFix.exe
[2011/03/18 11:07:30 | 000,000,216 | -HS- | C] () -- C:\Boot.bak
[2011/03/18 11:07:27 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/03/18 11:02:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/18 11:02:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/18 11:02:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/18 11:02:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/18 11:02:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/15 21:53:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Malwarebytes' Anti-Malware.lnk
[2011/03/15 16:03:47 | 000,347,818 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Réactiver le gestionnaire des tâches - Zebulon_fr.mht
[2011/03/10 17:41:30 | 004,774,118 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Bureau\Es war kein Handspiel.avi
[2011/03/05 14:48:04 | 000,002,315 | -H-- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Reader X.lnk
[2011/02/26 11:37:54 | 003,875,986 | R--- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Mes documents\Nouveau Dossier compressé.zip
[2010/11/25 17:28:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/19 12:34:05 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/02 22:59:58 | 000,052,308 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/28 13:07:31 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2009/08/28 13:07:31 | 000,002,413 | -H-- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2009/08/27 21:33:08 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/27 20:27:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/07/20 21:16:29 | 000,000,569 | -H-- | C] () -- C:\WINDOWS\ULEAD32.INI
[2009/07/09 19:53:22 | 000,000,107 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Printer.ini
[2009/07/09 19:50:57 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Application Data\pcouffin.cat
[2009/07/09 19:50:57 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Application Data\pcouffin.inf
[2008/11/21 22:47:52 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/23 09:40:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/14 19:45:43 | 000,000,057 | -H-- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2008/07/12 13:13:58 | 188,735,520 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/06/30 11:06:26 | 000,000,063 | -H-- | C] () -- C:\WINDOWS\mdm.ini
[2007/11/26 20:50:39 | 000,332,208 | -H-- | C] () -- C:\WINDOWS\C4DLL.dll
[2007/07/21 14:20:26 | 000,108,032 | -H-- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2007/06/23 19:36:41 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/13 10:47:23 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\XRUNX.BIN
[2007/05/13 10:47:22 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2007/05/13 10:43:07 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\XXXProgress.dll
[2007/05/13 10:42:19 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD-Start.INI
[2007/03/31 15:41:13 | 000,021,904 | -H-- | C] () -- C:\WINDOWS\System32\imsinstall_loc040c.dll
[2007/03/31 15:41:13 | 000,017,808 | -H-- | C] () -- C:\WINDOWS\System32\imslsp_install_loc040c.dll
[2007/03/11 21:15:16 | 000,000,040 | -H-- | C] () -- C:\WINDOWS\INTER.INI
[2007/02/09 21:05:24 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006/12/06 21:31:03 | 000,000,151 | -H-- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/11/27 13:37:43 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/11/26 22:15:48 | 000,796,584 | -H-- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/11/21 17:19:42 | 000,003,712 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/21 09:47:14 | 000,045,056 | -H-- | C] () -- C:\Documents and Settings\JEAN-PIERRE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/16 17:53:26 | 000,000,042 | -H-- | C] () -- C:\WINDOWS\promedia.INI
[2006/09/30 12:27:28 | 000,003,972 | -H-- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006/09/30 12:21:53 | 000,040,960 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/30 12:19:06 | 000,004,714 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/09/30 12:19:04 | 000,005,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/08/11 20:45:20 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:10 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/11 20:43:00 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/11 20:43:00 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/11 20:43:00 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/11 20:43:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/11 20:43:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/11 20:43:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/11 20:43:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/11 20:43:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/11 20:43:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/04/19 11:29:39 | 000,004,205 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/19 11:28:39 | 000,237,552 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/19 09:48:52 | 000,000,482 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/19 09:45:53 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/19 09:44:45 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/04/19 09:42:00 | 000,000,498 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/19 09:41:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/19 09:36:09 | 000,021,892 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/12/22 11:56:08 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\beidcsp.dll
[2005/09/16 07:14:36 | 000,135,168 | RH-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/06/22 21:54:30 | 004,202,496 | -H-- | C] () -- C:\WINDOWS\System32\qt-mt334.dll
[2004/12/02 14:20:16 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 09:09:06 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/05 13:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 13:00:00 | 000,502,032 | -H-- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 13:00:00 | 000,433,698 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 13:00:00 | 000,322,810 | -H-- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 13:00:00 | 000,081,378 | -H-- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 13:00:00 | 000,067,984 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 13:00:00 | 000,034,108 | -H-- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 13:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 13:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 13:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/05 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/20 16:04:02 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 14:33:26 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/07/24 20:21:08 | 000,345,088 | -H-- | C] () -- C:\WINDOWS\System32\renMM.dll
[2002/09/18 14:14:56 | 000,274,432 | -H-- | C] () -- C:\WINDOWS\System32\therename.dll
[2002/09/18 14:13:58 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\renogg.dll
[1999/01/22 19:46:58 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/08/28 13:07:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2008/07/12 13:10:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2006/12/26 21:33:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
[2007/08/18 21:58:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/28 21:27:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/01 20:26:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/02 22:49:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/15 15:21:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/18 18:17:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\beid-cache
[2008/03/13 20:26:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\FlowPlay
[2007/04/04 21:27:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Hulabee
[2007/06/21 17:14:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Leadertech
[2009/08/28 21:44:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\LG Electronics
[2009/08/06 22:37:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JEAN-PIERRE\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 13:00:00 | 018,779,217 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 13:00:00 | 018,779,217 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/05 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/05 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 03:33:34 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll
[2009/02/06 19:46:49 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 19:46:49 | 000,408,064 | -H-- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/05 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 03:33:40 | 000,187,392 | -H-- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/05 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:21 PM

Posted 20 March 2011 - 12:52 PM

Hello,

Well Im almost out of options. lets try some other stuff.


1.
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Otl
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2006/04/19 09:38:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :Commands
    [EMPTYTEMP]
    [EmptyFlash]
    [Purity]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

2.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

3.
Hello, your log looks much better now.

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

4.
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

5.
Go ahead a run OTL and give me the log as we did last post.

Things to include in your next reply::
OTL FIx log
DRweb log
A new OTL.txt

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users