Thread: Unable to delete Win32.Autorun.tmp

  1. #1
    Junior Member
    Join Date
    Sep 2010
    Posts
    8

    Unable to delete Win32.Autorun.tmp

    Hi,

    I have recently observed abnormal behavior on my PC and, after performing a SpyBot scan, I found that Win32.Autorun.tmp is on it. As is probably usual in my situation, I have run SpyBot several times in an attempt to eliminate it, but without results. I have tried to follow the procedure described on this forum, but have not found the file 5kstzaw.exe.

    As a last attempt (before formatting the OS partition), I put my DDS log below. Thanks in advance to any of you who find time to take a look at this problem.

    P.S. I have a French version of Windows, but have not found an equivalent forum in French. It should not be a problem when reading the DDS file, but if you find I should go to a more appropriate forum, please point me to one.

    P.S.S. As advised on certain forums, I have tried to perform a scan with GMER, but the virus was either completely slowing down the system or generating an error followed by an exit from the OS (blue screen for a second, followed by shutdown).

    Thanks again

    -------------------------------------------------------------------------
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Artem at 15:38:04,06 on lun. 13/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1372 [GMT 2:00]

    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Documents and Settings\Artem\Bureau\dds.scr

    ============== Pseudo HJT Report ===============

    uWindow Title =
    mWinlogon: Taskman=c:\documents and settings\artem\application data\sjlp.exe
    uWinlogon: Shell=explorer.exe,c:\documents and settings\artem\application data\sjlp.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ToshibaGLDocMon] "c:\program files\toshiba\toshiba e-studio client\GLDocMon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NeroFilterCheck] c:\program files\fichiers communs\ahead\lib\NeroCheck.exe
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [HControl] c:\windows\atk0100\HControl.exe
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\artem\menudm~1\progra~1\dmarra~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\artem\menudm~1\progra~1\dmarra~1\skype.lnk - c:\windows\installer\{d103c4ba-f905-437a-8049-db24763bbe36}\SkypeIcon.exe
    StartupFolder: c:\docume~1\alluse~1.win\menudm~1\progra~1\dmarra~1\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222447142812
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {DC6EA748-82AF-4331-A1EE-0B19E2A69E1A} = 164.15.59.200
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\artem\applic~1\mozilla\firefox\profiles\mniywwju.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://wwwdev.ulb.ac.be/webmail2/webmail2.php
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-4 343920]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
    R2 McAfeeFramework;Service McAfee Framework;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-4-19 70728]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-4 91832]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-4 43288]
    R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [2008-9-26 1208064]
    R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2008-9-26 8064]
    S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-11 38224]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-19 66600]

    =============== Created Last 30 ================

    2010-09-12 21:18:31 0 d-----w- c:\windows\pss
    2010-09-11 19:37:39 0 d-sha-r- C:\Autorun.inf
    2010-09-11 18:49:16 0 d-----w- c:\docume~1\artem\applic~1\Malwarebytes
    2010-09-11 18:49:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-11 18:49:06 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
    2010-09-11 18:49:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-11 18:49:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-11 17:35:22 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2010-09-11 17:11:34 2941 ----a-w- C:\UsbFix_Upload_Me_ULB-614A9323631.zip
    2010-09-11 15:59:05 32768 ---ha-w- C:\SZKGFS.dat
    2010-09-11 15:54:15 0 d-----w- C:\UsbFix
    2010-09-11 15:53:54 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SITEguard
    2010-09-11 15:52:47 0 d-----w- c:\program files\fichiers communs\iS3
    2010-09-11 15:52:46 0 d-----w- c:\docume~1\alluse~1.win\applic~1\STOPzilla!
    2010-09-10 01:47:23 0 d-----w- c:\program files\GnuChess
    2010-09-01 13:00:45 91136 --sh--r- c:\docume~1\artem\applic~1\sjlp.exe

    ==================== Find3M ====================

    2010-09-10 01:34:19 49898 ----a-w- c:\windows\system32\perfc00C.dat
    2010-09-10 01:34:19 371218 ----a-w- c:\windows\system32\perfh00C.dat
    2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:32:14 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:25:24 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 09:02:32 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:10 80384 ----a-w- c:\windows\system32\iccvid.dll
    2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
    2009-09-04 07:30:47 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-09-04 07:30:47 32768 --sha-w- c:\windows\temp\fichiers internet temporaires\content.ie5\index.dat
    2009-09-04 07:30:47 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

    ============= FINISH: 15:39:24,78 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.




    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean






    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Sep 2010
    Posts
    8

    Hi ken545,

    First of all, thanks a lot for your reply. I have followed your instructions and got the following log from Malwarebytes:

    ---------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4628

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    16/09/2010 15:31:54
    mbam-log-2010-09-16 (15-31-54).txt

    Scan type: Quick scan
    Objects scanned: 148149
    Time elapsed: 8 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Artem\Application Data\sjlp.exe (Worm.Palevo) -> Delete on reboot.
    C:\Documents and Settings\Administrateur\Application Data\sjlp.exe (Worm.Palevo) -> Quarantined and deleted successfully.
    -------------------------------------------------------------------------
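
The DDS log in post #1 already shows what Malwarebytes removed here: extra entries in the Winlogon `Shell` and `Taskman` values pointing at a hidden, system-flagged executable in the user profile. As an added example, not part of the original thread or of any tool named in it, this Python triage function flags that pattern in a DDS log; the function names are hypothetical, the sample lines are an excerpt of the log above, and treating any `Taskman` value as suspicious is an assumption.

```python
import ntpath
import re

# Excerpt of the DDS log from post #1, trimmed to the lines this check reads.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uWindow Title =
mWinlogon: Taskman=c:\documents and settings\artem\application data\sjlp.exe
uWinlogon: Shell=explorer.exe,c:\documents and settings\artem\application data\sjlp.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
=============== Created Last 30 ================
2010-09-11 18:49:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 15:59:05 32768 ---ha-w- C:\SZKGFS.dat
2010-09-01 13:00:45 91136 --sh--r- c:\docume~1\artem\applic~1\sjlp.exe
"""

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# DDS prefixes: "u" = per-user hive (HKCU), "m" = machine hive (HKLM).
WINLOGON_RE = re.compile(r"^[ \t]*([um])Winlogon:[ \t]*(\w+)=(.*)$", re.M | re.I)
# "Created Last 30" rows: date time, size, 8-character attribute string, path.
CREATED_RE = re.compile(
    r"^[ \t]*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)[ \t]+(\d+)[ \t]+(\S{8})[ \t]+(.+?)[ \t]*$",
    re.M,
)
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def winlogon_findings(log):
    """Return (hive, value_name, target) for unexpected Winlogon autostarts."""
    findings = []
    for prefix, name, value in WINLOGON_RE.findall(log):
        hive = "HKCU" if prefix.lower() == "u" else "HKLM"
        targets = [t.strip().strip('"') for t in value.split(",") if t.strip()]
        if name.lower() == "shell":
            # Anything chained after (or instead of) explorer.exe is unexpected.
            targets = [t for t in targets
                       if ntpath.basename(t).lower() != "explorer.exe"]
        elif name.lower() != "taskman":
            continue  # only Shell and Taskman are examined here
        # Assumption: any Taskman target is suspicious on this machine.
        findings.extend((hive, name, t) for t in targets)
    return findings


def hidden_system_executables(log):
    """Return (timestamp, size, path) for files flagged both system and hidden."""
    hits = []
    for stamp, size, attrs, path in CREATED_RE.findall(log):
        a = attrs.lower()
        if a[0] == "d":
            continue  # directories are out of scope for this check
        if "s" in a and "h" in a and path.lower().endswith(EXEC_EXT):
            hits.append((stamp, int(size), path))
    return hits


def triage(log):
    """Correlate Winlogon autostarts with recently created hidden executables.

    DDS prints long paths in one section and 8.3 short paths in another
    ("application data" vs "applic~1"), so the match is on file name only.
    """
    dropped = {ntpath.basename(p).lower(): stamp
               for stamp, _size, p in hidden_system_executables(log)}
    report = []
    for hive, name, target in winlogon_findings(log):
        stamp = dropped.get(ntpath.basename(target).lower())
        report.append({
            "key": "\\".join([hive, WINLOGON_KEY, name]),
            "target": target,
            "dropped": stamp,  # creation time from the log, or None
            "confidence": "high" if stamp else "review",
        })
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_DDS):
        print(item["confidence"], item["key"], "->", item["target"],
              "(created %s)" % item["dropped"])
```

Both findings correspond to the two registry values the Malwarebytes log above reports as Worm.Palevo; a log whose only `Shell` entry is `explorer.exe` produces no findings.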

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Great, let's check a bit deeper.

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in
      Code:
      
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      mv61xx.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav 
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  5. #5
    Junior Member
    Join Date
    Sep 2010
    Posts
    8


    Hi ken545,

    Thanks for a quick reply and for your suggestions. Please find the logs of OTL below. Just to mention that SpyBot no longer detects win32.Autorun.tmp and that its apparent activity (browser page redirection, connections to unknown IP addresses, etc.) has decreased, if not disappeared.

    Here is the OTL.txt file; the Extra.txt will follow.

    Thanks again for your time.
    --------------------------------------------------------------------------
    OTL logfile created on: 16/09/2010 17:20:15 - Run 1
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Artem\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24,50 Gb Total Space | 5,33 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
    Drive D: | 9,77 Gb Total Space | 1,44 Gb Free Space | 14,79% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ULB-614A9323631
    Current User Name: Artem
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Artem\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\WINDOWS\ATK0100\HControl.exe ()
    PRC - C:\WINDOWS\ATK0100\ATKOSD.exe ()
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
    PRC - C:\Program Files\Toshiba\TOSHIBA e-STUDIO Client\GLDocMon.exe ()
    PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Artem\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
    MOD - C:\Program Files\Fichiers communs\Microsoft Shared\INK\SKCHUI.DLL (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe File not found
    SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe File not found
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
    SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
    SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
    SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
    SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
    SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
    SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
    SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
    SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys File not found
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (NETw4x32) Pilote de carte Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
    DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
    DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (SynMini) -- C:\WINDOWS\system32\drivers\SynMini.sys ()
    DRV - (SynScan) -- C:\WINDOWS\system32\drivers\SynScan.sys ()
    DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
    DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
    DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.)
    DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
    DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
    DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
    DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
    DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
    DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
    DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.)
    DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys ()
    DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://wwwdev.ulb.ac.be/webmail2/webmail2.php"
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
    FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: ru@dictionaries.addons.mozilla.org:0.4.4
    FF - prefs.js..extensions.enabledItems: uk-ua@dictionaries.addons.mozilla.org:1.6.0
    FF - prefs.js..extensions.enabledItems: nl-NL@dictionaries.addons.mozilla.org:2.2.0
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/11 22:31:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/15 11:47:11 | 000,000,000 | ---D | M]

    [2008/09/26 16:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Extensions
    [2010/09/16 12:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions
    [2009/10/15 14:03:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/03/17 17:29:39 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/09/11 22:57:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2008/09/28 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2010/02/07 11:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\fr@dictionaries.addons.mozilla.org
    [2009/08/28 21:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\LogMeInClient@logmein.com
    [2009/08/12 12:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\nl-NL@dictionaries.addons.mozilla.org
    [2010/09/16 12:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\ru@dictionaries.addons.mozilla.org
    [2009/08/20 12:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Mozilla\Firefox\Profiles\mniywwju.default\extensions\uk-ua@dictionaries.addons.mozilla.org
    [2010/09/16 10:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/12 13:05:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/05/02 12:32:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/01 17:13:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2009/10/22 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/12/18 11:10:44 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2009/12/18 11:10:44 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2009/12/18 11:10:44 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2009/12/18 11:10:45 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/09/16 15:59:19 | 000,419,461 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14474 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [ToshibaGLDocMon] C:\Program Files\TOSHIBA\TOSHIBA e-STUDIO Client\GLDocMon.exe ()
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
    O4 - Startup: C:\Documents and Settings\Artem\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Artem\Menu Démarrer\Programmes\Démarrage\Skype.lnk = C:\WINDOWS\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1222447142812 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Artem\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Artem\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/26 14:44:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/09/11 21:37:39 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2010/09/11 21:37:39 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/16 17:14:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Artem\Bureau\OTL.exe
    [2010/09/16 15:20:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/16 15:20:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/16 15:19:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Artem\Bureau\mbam-setup-1.46.exe
    [2010/09/16 14:38:58 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Artem\Bureau\TFC.exe
    [2010/09/16 14:14:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/09/15 13:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.7
    [2010/09/13 15:04:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/13 14:51:29 | 000,000,000 | ---D | C] -- C:\ERDNT
    [2010/09/13 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/09/12 23:18:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/09/12 12:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artem\Bureau\PAPARS
    [2010/09/11 22:28:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/09/11 21:37:39 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
    [2010/09/11 20:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artem\Application Data\Malwarebytes
    [2010/09/11 20:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    [2010/09/11 20:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/11 17:54:15 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010/09/11 17:54:01 | 001,211,906 | ---- | C] (C_XX & El Desaparecido) -- C:\Documents and Settings\Artem\Bureau\UsbFix.exe
    [2010/09/11 17:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
    [2010/09/11 17:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\iS3
    [2010/09/11 17:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
    [2010/09/10 03:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artem\Bureau\Caniiso
    [2010/09/10 03:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\GnuChess
    [2010/09/04 17:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artem\Bureau\tempo
    [2010/09/01 17:13:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/09/01 17:13:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/09/01 17:13:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/09/16 17:15:59 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D7B34122-7D38-4DB9-BA5B-FA6966AD0A11}.job
    [2010/09/16 17:14:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artem\Bureau\OTL.exe
    [2010/09/16 15:59:19 | 000,419,461 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/16 15:34:50 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Artem\Menu Démarrer\Programmes\Démarrage\Skype.lnk
    [2010/09/16 15:34:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/16 15:34:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/16 15:34:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/16 15:33:10 | 013,631,488 | -H-- | M] () -- C:\Documents and Settings\Artem\NTUSER.DAT
    [2010/09/16 15:20:59 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/09/16 15:19:48 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Artem\Bureau\mbam-setup-1.46.exe
    [2010/09/16 14:40:36 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Artem\Application Data\winscp.rnd
    [2010/09/16 14:38:58 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artem\Bureau\TFC.exe
    [2010/09/16 14:17:29 | 000,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/16 12:04:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/15 23:33:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\rcwin.ini
    [2010/09/15 20:27:48 | 000,000,364 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/14 19:42:59 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\dds.scr
    [2010/09/14 19:25:02 | 000,419,283 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100916-155919.backup
    [2010/09/14 18:26:47 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Artem\ntuser.ini
    [2010/09/14 17:59:48 | 000,000,212 | -HS- | M] () -- C:\boot.ini
    [2010/09/14 17:59:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/14 10:10:40 | 000,070,488 | ---- | M] () -- C:\Documents and Settings\Artem\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/09/14 09:57:18 | 000,001,320 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Cygwin.lnk
    [2010/09/13 15:41:33 | 000,002,912 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\Attach.zip
    [2010/09/13 14:50:26 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Artem\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
    [2010/09/13 14:50:23 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Artem\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
    [2010/09/13 14:50:23 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\ERUNT.lnk
    [2010/09/12 13:40:46 | 000,419,283 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100914-192502.backup
    [2010/09/12 13:32:52 | 000,419,283 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100912-134046.backup
    [2010/09/12 12:48:44 | 000,419,283 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100912-133252.backup
    [2010/09/11 21:37:39 | 000,002,941 | ---- | M] () -- C:\UsbFix_Upload_Me_ULB-614A9323631.zip
    [2010/09/11 19:35:39 | 000,000,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/09/11 19:19:22 | 000,000,796 | ---- | M] () -- C:\WINDOWS\gnuchess.ini
    [2010/09/11 17:59:36 | 000,418,771 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100912-124843.backup
    [2010/09/11 17:59:05 | 000,032,768 | -H-- | M] () -- C:\SZKGFS.dat
    [2010/09/11 17:54:09 | 001,211,906 | ---- | M] (C_XX & El Desaparecido) -- C:\Documents and Settings\Artem\Bureau\UsbFix.exe
    [2010/09/10 05:10:06 | 000,011,374 | ---- | M] () -- C:\Documents and Settings\Artem\gsview32.ini
    [2010/09/10 03:48:06 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\GNUCHESS.EXE.lnk
    [2010/09/10 03:34:19 | 000,782,488 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/10 03:34:19 | 000,371,218 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010/09/10 03:34:19 | 000,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/10 03:34:19 | 000,049,898 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010/09/10 03:34:19 | 000,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/05 15:40:41 | 000,417,012 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100911-170209.backup
    [2010/09/04 22:59:57 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2010/09/01 23:42:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/28 22:43:07 | 001,172,672 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\SPARSKIT2.tar.gz
    [2010/08/27 10:48:22 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\12.5.10.doc
    [2010/08/25 20:01:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Adobe Reader 9.lnk
    [2010/08/25 13:39:18 | 000,066,450 | ---- | M] () -- C:\Documents and Settings\Artem\Mes documents\dnew.f90
    [2010/08/25 13:39:14 | 000,071,301 | ---- | M] () -- C:\Documents and Settings\Artem\Mes documents\dagmg.f90
    [2010/08/24 16:06:42 | 000,046,814 | ---- | M] () -- C:\Documents and Settings\Artem\Bureau\inter_element.cc.htm
    [2010/08/23 10:55:11 | 000,000,642 | -H-- | M] () -- C:\Documents and Settings\Artem\Mes documents\SWWATER.INI

    ========== Files Created - No Company Name ==========

    [2010/09/16 15:20:59 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010/09/14 19:42:35 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\dds.scr
    [2010/09/14 17:59:56 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\Artem\Menu Démarrer\Programmes\Démarrage\Skype.lnk
    [2010/09/14 17:59:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Artem\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
    [2010/09/14 17:59:56 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
    [2010/09/13 15:41:33 | 000,002,912 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\Attach.zip
    [2010/09/13 14:50:23 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Artem\Application Data\Microsoft\Internet Explorer\Quick Launch\ERUNT.lnk
    [2010/09/13 14:50:23 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\ERUNT.lnk
    [2010/09/11 23:26:56 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\prof.exe
    [2010/09/11 19:35:22 | 000,000,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2010/09/11 19:11:34 | 000,002,941 | ---- | C] () -- C:\UsbFix_Upload_Me_ULB-614A9323631.zip
    [2010/09/11 17:59:05 | 000,032,768 | -H-- | C] () -- C:\SZKGFS.dat
    [2010/09/10 03:48:06 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\GNUCHESS.EXE.lnk
    [2010/08/28 22:43:01 | 001,172,672 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\SPARSKIT2.tar.gz
    [2010/08/26 22:15:14 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\12.5.10.doc
    [2010/08/25 13:39:17 | 000,066,450 | ---- | C] () -- C:\Documents and Settings\Artem\Mes documents\dnew.f90
    [2010/08/25 13:39:13 | 000,071,301 | ---- | C] () -- C:\Documents and Settings\Artem\Mes documents\dagmg.f90
    [2010/08/24 16:06:41 | 000,046,814 | ---- | C] () -- C:\Documents and Settings\Artem\Bureau\inter_element.cc.htm
    [2010/08/23 10:55:11 | 000,000,642 | -H-- | C] () -- C:\Documents and Settings\Artem\Mes documents\SWWATER.INI
    [2010/03/31 14:01:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2010/03/28 14:37:40 | 000,246,784 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2010/03/08 23:00:29 | 000,000,186 | ---- | C] () -- C:\WINDOWS\WinCom.INI
    [2009/09/08 14:54:25 | 000,540,776 | ---- | C] () -- C:\WINDOWS\ES1mi.dll
    [2009/09/08 14:54:25 | 000,503,908 | ---- | C] () -- C:\WINDOWS\ES1Disc.dll
    [2009/09/08 14:54:25 | 000,376,832 | ---- | C] () -- C:\WINDOWS\ES1Snmpp.dll
    [2009/09/08 14:54:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\eSDMLD.dll
    [2009/09/08 14:54:15 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
    [2009/09/08 14:54:15 | 000,274,432 | ---- | C] () -- C:\WINDOWS\eSTsnmp.dll
    [2009/09/08 14:54:05 | 000,016,597 | ---- | C] () -- C:\WINDOWS\RIO1_40c.ini
    [2009/08/28 15:03:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Artem\Application Data\winscp.rnd
    [2009/08/15 13:05:47 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2009/07/08 23:45:07 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Artem\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/19 10:51:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Artem\Application Data\PUTTY.RND
    [2009/04/27 06:13:36 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
    [2009/04/14 19:03:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\sex-oneclick-repertoire.ini
    [2009/02/26 22:56:16 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
    [2009/02/26 22:56:16 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
    [2008/12/12 12:38:46 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MSYS.INI
    [2008/12/03 16:18:29 | 000,000,796 | ---- | C] () -- C:\WINDOWS\gnuchess.ini
    [2008/11/07 11:26:54 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS
    [2008/10/31 14:19:14 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2008/10/15 23:38:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/10/10 23:49:54 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
    [2008/10/10 23:49:53 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
    [2008/10/07 12:00:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\rcwin.ini
    [2008/10/05 20:48:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/09/27 23:44:38 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Artem\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/09/26 20:06:55 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Dtctrace.dll
    [2008/09/26 19:06:56 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/09/26 16:03:54 | 000,028,143 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2008/09/26 15:51:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2008/09/26 15:19:04 | 000,014,848 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynSam.sys
    [2008/09/26 15:19:04 | 000,008,064 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynScan.sys
    [2008/09/26 15:18:59 | 000,498,688 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynPin.sys
    [2008/09/26 15:18:59 | 000,030,848 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynCamd.sys
    [2008/09/26 15:18:58 | 001,208,064 | R--- | C] () -- C:\WINDOWS\System32\drivers\SynMini.sys
    [2008/09/26 15:10:43 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2008/09/26 14:57:57 | 000,028,822 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
    [2008/09/26 14:57:47 | 000,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
    [2008/09/26 14:57:30 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/04/28 13:05:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/04/28 13:05:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/04/28 13:05:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/04/28 13:05:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/04/17 10:35:49 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
    [2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
    [2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/31 05:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

    ========== LOP Check ==========

    [2008/09/30 11:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
    [2010/09/11 17:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
    [2010/04/13 11:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\STDUConverter
    [2010/09/11 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
    [2010/02/19 10:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
    [2010/03/28 15:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2009/06/08 10:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
    [2010/05/29 14:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2009/04/14 09:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\DisplayTune
    [2010/03/08 21:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\FileZilla
    [2008/11/22 11:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\IcoFX
    [2009/06/11 14:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\KDE
    [2010/06/29 13:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Publish or Perish
    [2009/07/08 23:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\Toshiba
    [2010/09/16 17:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artem\Application Data\WinEdt
    [2010/06/06 12:25:17 | 000,000,364 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
    [2010/09/16 17:15:59 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D7B34122-7D38-4DB9-BA5B-FA6966AD0A11}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/09/26 19:09:52 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/09/26 19:09:52 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/09/26 19:09:52 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/09/26 19:09:52 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
    [2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [1999/10/02 10:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\MATLAB\R2007b\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
    [2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
    [2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/09/26 15:40:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/09/26 15:40:27 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/09/26 15:40:27 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    < End of report >
    ---------------------------------------------------------------------

  6. #6
    Junior Member
    Join Date
    Sep 2010
    Posts
    8

    And here is the Extras.txt log. As mentioned in my first log, my Windows version is French. To ease the reading of the last section of this log, I include a few (homemade) translations:

    Service s'est terminé de façon inattendue pour la 1ème fois. = Service unexpectedly interrupted for the first time.
    Application bloquée = blocked application
    Application défaillante = failing application

    I should also mention that, in an attempt to understand whether these are regular tasks that suddenly start using a lot of CPU/memory resources, or whether it is trojan activity, I have intentionally killed the tasks that were "consuming" the most. This probably explains the number of interrupted services.

    Thanks again for your help.

    --------------------------------------------------------------------------
    OTL Extras logfile created on: 16/09/2010 17:20:15 - Run 1
    OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Artem\Bureau
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24,50 Gb Total Space | 5,33 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
    Drive D: | 9,77 Gb Total Space | 1,44 Gb Free Space | 14,79% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ULB-614A9323631
    Current User Name: Artem
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== Firewall Settings ==========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3306:TCP" = 3306:TCP:*:Enabled:MySQL Server
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\cygwin\usr\X11R6\bin\XWin.exe" = C:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin -- File not found
    "C:\MATLAB\R2007b\bin\win32\MATLAB.exe" = C:\MATLAB\R2007b\bin\win32\MATLAB.exe:*:Enabled:MATLAB -- (The MathWorks Inc.)
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Logiciel de transfert de fichiers -- (Microsoft Corporation)
    "C:\cygwin\bin\XWin.exe" = C:\cygwin\bin\XWin.exe:*:Enabled:XWin -- ()
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\GMSH\gmsh.exe" = C:\GMSH\gmsh.exe:*:Enabled:gmsh -- ()
    "C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{02D7C83F-FCCB-4EEC-9E4B-C6FF8AADC015}" = Power4 Gear
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
    "{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 21
    "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
    "{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
    "{901E040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 French User Interface Pack
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{94ECA004-8B62-45E8-B83D-A85F61A1F0B9}" = eWebEditPro 4 Client
    "{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
    "{97F32DF8-D66E-446A-A425-C1D7B45C1036}" = Nero 7 Essentials
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{985556E5-353F-4AA9-9E75-29AB8A5E4E14}" = Harzing's Publish or Perish 2.8.3644
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C3BDF1C8-66EF-4A0F-B427-A99E39706F45}_is1" = RMVB Converter 1.8
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
    "{E008BEB1-AB63-46C1-BD3D-08D3A1F8E26D}" = McAfee Agent
    "{E4A41F8D-5DFD-422F-8C7A-D77D56116A56}" = Le Grand Robert & Collins
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EC3D786A-C56F-427B-9B7A-9AC0CA7DB140}" = TOSHIBA e-STUDIO850 Series Client
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Active Ports" = Active Ports
    "Adobe AIR" = Adobe AIR
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
    "CamStudio" = CamStudio
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "ERUNT_is1" = ERUNT 1.1j
    "FileZilla Client" = FileZilla Client 3.1.4.1
    "GPL Ghostscript 8.63" = GPL Ghostscript 8.63
    "GSview 4.9" = GSview 4.9
    "HControl" = ATK0100 ACPI UTILITY
    "IcoFX_is1" = IcoFX 1.6.4
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Imagicon" = Imagicon
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MatlabR2007b" = MATLAB R2007b
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "MiKTeX 2.7" = MiKTeX 2.7
    "MinGW" = MinGW 5.1.4
    "Mozilla Firefox (3.5.12)" = Mozilla Firefox (3.5.12)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSFortranPowerStation" = Microsoft Fortran PowerStation 4.0
    "MSYS-1.0_is1" = "Minimal SYStem 1.0.10"
    "MSYS-DTK_is1" = "MSYS Developer Tool Kit 1.0.1"
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "ProInst" = Intel(R) PROSet/Wireless Software
    "Services Off-line de Home'Bank_is1" = Services Off-line de Home'Bank 4.04
    "SMSERIAL" = Motorola SM56 Speakerphone Modem
    "USB2.0 2M WebCam" = USB2.0 2M WebCam
    "Usbfix" = Usbfix By C_XX & El Desaparecido
    "WinDjView" = WinDjView 1.0.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Lecteur Windows Media*11
    "Windows XP Service" = Windows XP Service Pack*3
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.3 beta
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/08/2010 13:29:14 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée MATLAB.exe, version 1.0.0.1, module bloqué hungapp,
    version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 8/08/2010 14:26:12 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée gmsh.exe, version 0.0.0.0, module bloqué hungapp,
    version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 8/08/2010 14:27:16 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée gmsh.exe, version 0.0.0.0, module bloqué hungapp,
    version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 14/08/2010 16:52:54 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée MATLAB.exe, version 1.0.0.1, module bloqué hungapp,
    version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 16/08/2010 16:38:58 | Computer Name = ULB-614A9323631 | Source = Application Error | ID = 1000
    Description = Application défaillante divxupdate.exe, version 1.0.1.10, module défaillant
    msvcp80.dll, version 8.0.50727.4053, adresse de défaillance 0x000100b5.

    Error - 27/08/2010 17:17:22 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée firefox.exe, version 1.9.1.3834, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 6/09/2010 15:25:05 | Computer Name = ULB-614A9323631 | Source = Application Error | ID = 1000
    Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
    défaillant kernel32.dll, version 5.1.2600.5781, adresse de défaillance 0x00012afb.

    Error - 8/09/2010 20:05:16 | Computer Name = ULB-614A9323631 | Source = Application Error | ID = 1000
    Description = Application défaillante divxupdate.exe, version 1.0.1.10, module défaillant
    msvcp80.dll, version 8.0.50727.4053, adresse de défaillance 0x000100b5.

    Error - 9/09/2010 21:29:37 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée msimn.exe, version 6.0.2900.5512, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error - 11/09/2010 13:08:08 | Computer Name = ULB-614A9323631 | Source = Application Hang | ID = 1002
    Description = Application bloquée iFrmewrk.exe, version 11.1.0.2, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    [ System Events ]
    Error - 16/09/2010 8:40:48 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service Intel(R) PROSet/Wireless Service s'est terminé de façon
    inattendue pour la 1ème fois.

    Error - 16/09/2010 8:40:48 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service LightScribeService Direct Disc Labeling Service s'est terminé
    de façon inattendue pour la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service McAfee Engine Service s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
    la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service Service McAfee Framework s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service Machine Debug Manager s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service McAfee Task Manager s'est terminé de façon inattendue pour
    la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service NVIDIA Display Driver Service s'est terminé de façon inattendue
    pour la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service Intel(R) PROSet/Wireless Registry Service s'est terminé
    de façon inattendue pour la 1ème fois.

    Error - 16/09/2010 8:40:49 | Computer Name = ULB-614A9323631 | Source = Service Control Manager | ID = 7034
    Description = Le service Cyberlink RichVideo Service(CRVS) s'est terminé de façon
    inattendue pour la 1ème fois.


    < End of report >
