mdelk.exe



bigajax
2008-01-30, 01:55
Hello,

Here I downloaded DSS to have the main.txt, and the other one will follow.

Now who can help me with that?

Regards,

Deckard's System Scanner v20071014.68
Run by J e a n on 2008-01-29 19:28:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-01-30 00:28:07 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-01-30 00:24:45 UTC - RP20 - Installed Symantec Endpoint Protection.
19: 2008-01-30 00:22:23 UTC - RP19 - Installed Symantec Endpoint Protection.
18: 2008-01-29 21:33:21 UTC - RP18 - Installed Kaspersky Anti-Virus 6.0 SOS.
17: 2008-01-29 17:25:44 UTC - RP17 - Installed Symantec Endpoint Protection.


-- First Restore Point --
1: 2008-01-29 00:04:37 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 6.38 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-29 19:30:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
D:\Program Files\Nero 7\InCD\InCD.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\atidtct.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\J e a n\Bureau\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMM2007RT] "C:\Program Files\PC MightyMax 2007\pcmm2007.exe" /R
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.solutionstech.bell.ca/qp2.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5217/mcfscan.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3737DB34-891F-458E-BD2D-BC8E179A97B5}: NameServer = 192.168.0.1
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: NBService - Unknown owner - D:\Program Files\Nero 7\Nero
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


--
End of file - 10346 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R3 DCamLGE (LG USB PC Camera(LPC-U30)) - c:\windows\system32\drivers\lgstrm.sys <Not Verified; LG Electronics Inc.; LG USB Camera II>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD>

S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" (file missing)
S3 NBService - d:\program files\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: ATI Remote Wonder II Pointing Device
Device ID: USB\VID_0471&PID_0602&MI_00\6&72D7964&0&0000
Manufacturer: ATI Technologies Inc.
Name: ATI Remote Wonder II Pointing Device
PNP Device ID: USB\VID_0471&PID_0602&MI_00\6&72D7964&0&0000
Service: ATI Remote Wonder II

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: ATI Remote Wonder II Input Device
Device ID: USB\VID_0471&PID_0602&MI_01\6&72D7964&0&0001
Manufacturer: ATI Technologies Inc.
Name: ATI Remote Wonder II Input Device
PNP Device ID: USB\VID_0471&PID_0602&MI_01\6&72D7964&0&0001
Service: ATI Remote Wonder II

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: ATI Remote Wonder Controller
Device ID: ROOT\USB\0000
Manufacturer: ATI Technologies Inc.
Name: ATI Remote Wonder Controller
PNP Device ID: ROOT\USB\0000
Service: ATI Remote Wonder II

bigajax
2008-01-30, 01:56
Here is part 2!

-- Scheduled Tasks -------------------------------------------------------------

2008-01-29 19:04:44 452 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-01-29 19:04:43 366 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-29 19:04:42 0 d-------- C:\Program Files\XoftSpySE
2008-01-29 17:15:10 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2008-01-29 17:15:10 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2008-01-29 17:15:10 24 --a------ C:\WINDOWS\system32\pavdr_actions.sys
2008-01-29 17:07:57 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-29 16:50:38 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-29 16:33:27 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-29 16:33:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-29 16:32:48 0 d-------- C:\KAV
2008-01-29 13:15:27 0 d-------- C:\WINDOWS\BDOSCAN8
2008-01-29 13:15:25 0 d-------- C:\WINDOWS\LastGood
2008-01-29 12:24:36 0 d-------- C:\Program Files\Symantec
2008-01-29 11:33:42 0 d-------- C:\Documents and Settings\J e a n\Application Data\McAfee
2008-01-29 11:10:41 0 d-------- C:\Program Files\McAfee.com
2008-01-29 11:10:36 0 d-------- C:\Program Files\Fichiers communs\McAfee
2008-01-29 11:10:32 0 d-------- C:\Program Files\McAfee
2008-01-29 10:58:50 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-29 08:39:24 0 d-------- C:\WINDOWS\McAfee.com
2008-01-29 08:39:22 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-01-28 21:51:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-28 19:04:31 7864320 --a------ C:\Documents and Settings\J e a n\ntuser.dat
2008-01-28 18:59:42 71172 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-28 18:53:51 0 d-------- C:\Drive(C)
2008-01-28 17:44:15 0 d-------- C:\WINDOWS\pss
2008-01-22 14:09:07 0 d--h----- C:\Documents and Settings\TEMP\Voisinage réseau
2008-01-22 14:09:07 0 d--h----- C:\Documents and Settings\TEMP\Voisinage d'impression
2008-01-22 14:09:07 0 dr-h----- C:\Documents and Settings\TEMP\SendTo
2008-01-22 14:09:07 0 dr-h----- C:\Documents and Settings\TEMP\Recent
2008-01-22 14:09:07 0 d--h----- C:\Documents and Settings\TEMP\Modèles
2008-01-22 14:09:07 0 dr------- C:\Documents and Settings\TEMP\Mes documents
2008-01-22 14:09:07 0 dr------- C:\Documents and Settings\TEMP\Menu Démarrer
2008-01-22 14:09:07 0 d--h----- C:\Documents and Settings\TEMP\Local Settings
2008-01-22 14:09:07 0 dr------- C:\Documents and Settings\TEMP\Favoris
2008-01-22 14:09:07 0 d--hs---- C:\Documents and Settings\TEMP\Cookies
2008-01-22 14:09:07 0 d-------- C:\Documents and Settings\TEMP\Bureau
2008-01-22 14:09:07 0 dr-h----- C:\Documents and Settings\TEMP\Application Data
2008-01-22 14:09:07 0 d-------- C:\Documents and Settings\TEMP\Application Data\Real
2008-01-22 14:09:07 0 d---s---- C:\Documents and Settings\TEMP\Application Data\Microsoft
2008-01-22 14:09:07 0 d-------- C:\Documents and Settings\TEMP\Application Data\Identities
2008-01-22 14:09:07 0 d-------- C:\Documents and Settings\TEMP\Application Data\ATI
2008-01-22 14:09:07 0 d-------- C:\Documents and Settings\TEMP\Application Data\Adobe
2008-01-15 19:00:32 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-01-13 15:00:02 0 d-------- C:\Program Files\Samsung
2008-01-06 19:25:30 0 d-------- C:\Documents and Settings\R o s y\Application Data\ATI
2008-01-06 17:10:09 0 d-------- C:\Documents and Settings\J e a n\Application Data\ATI MMC
2008-01-06 15:29:54 81920 -----n--- C:\WINDOWS\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2008-01-06 15:29:54 155721 -----n--- C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2008-01-06 15:29:54 294912 -----n--- C:\WINDOWS\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2008-01-06 15:29:54 44544 -----n--- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-06 15:29:54 73728 -----n--- C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2008-01-06 15:29:54 32768 -----n--- C:\WINDOWS\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2008-01-06 15:29:54 40960 -----n--- C:\WINDOWS\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ>
2008-01-06 15:29:54 204881 -----n--- C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2008-01-06 15:29:54 18432 -----n--- C:\WINDOWS\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2008-01-06 15:29:54 114759 -----n--- C:\WINDOWS\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2008-01-06 15:20:42 14165 -----n--- C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-01-06 15:17:42 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-01-06 15:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-01-06 15:14:56 0 d-------- C:\Program Files\Pinnacle
2008-01-06 14:18:47 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-01-06 13:38:06 0 d-------- C:\Program Files\Fichiers communs\ATI
2008-01-06 13:38:04 0 d-------- C:\Program Files\ATI Multimedia
2008-01-05 18:20:07 0 d-------- C:\Program Files\MSXML 6.0
2008-01-05 18:14:53 0 d-------- C:\Documents and Settings\J e a n\Application Data\ATI
2008-01-05 16:20:20 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-05 16:19:51 0 d-------- C:\Program Files\Reference Assemblies
2008-01-05 16:08:35 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-01-05 16:08:15 0 d-------- C:\Program Files\ATI Technologies
2008-01-05 15:09:39 0 d-------- C:\ATI
2008-01-05 09:17:55 0 d-------- C:\Program Files\PC MightyMax
2008-01-04 15:20:26 0 d-------- C:\hp_CLJ1600_Full_Solution
2008-01-04 14:58:51 0 d-------- C:\Program Files\PC MightyMax 2007
2008-01-04 14:33:51 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-04 14:10:15 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-01-04 12:39:30 0 d--h----- C:\Documents and Settings\Administrateur.TI-JEAN\Voisinage réseau
2008-01-04 12:39:30 0 d--h----- C:\Documents and Settings\Administrateur.TI-JEAN\Voisinage d'impression
2008-01-04 12:39:30 0 dr-h----- C:\Documents and Settings\Administrateur.TI-JEAN\SendTo
2008-01-04 12:39:30 0 d--h----- C:\Documents and Settings\Administrateur.TI-JEAN\Recent
2008-01-04 12:39:30 524288 --ah----- C:\Documents and Settings\Administrateur.TI-JEAN\ntuser.dat
2008-01-04 12:39:30 0 d--h----- C:\Documents and Settings\Administrateur.TI-JEAN\Modèles
2008-01-04 12:39:30 0 d-------- C:\Documents and Settings\Administrateur.TI-JEAN\Mes documents
2008-01-04 12:39:30 0 dr------- C:\Documents and Settings\Administrateur.TI-JEAN\Menu Démarrer
2008-01-04 12:39:30 0 d--h----- C:\Documents and Settings\Administrateur.TI-JEAN\Local Settings
2008-01-04 12:39:30 0 d-------- C:\Documents and Settings\Administrateur.TI-JEAN\Favoris
2008-01-04 12:39:30 0 d--hs---- C:\Documents and Settings\Administrateur.TI-JEAN\Cookies
2008-01-04 12:39:30 0 d-------- C:\Documents and Settings\Administrateur.TI-JEAN\Bureau
2008-01-04 12:39:30 0 dr-h----- C:\Documents and Settings\Administrateur.TI-JEAN\Application Data
2008-01-04 12:39:30 0 d---s---- C:\Documents and Settings\Administrateur.TI-JEAN\Application Data\Microsoft
2008-01-03 13:42:28 524288 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-01-03 13:42:28 0 d-------- C:\Documents and Settings\Administrateur\Modèles
2008-01-03 13:42:28 0 d-------- C:\Documents and Settings\Administrateur\Local Settings
2008-01-03 13:42:28 0 d-------- C:\Documents and Settings\Administrateur\Cookies
2008-01-03 13:42:28 0 d-------- C:\Documents and Settings\Administrateur\Application Data
2008-01-03 13:42:28 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-01-03 13:21:38 0 d-------- C:\spoolerlogs
2008-01-02 16:26:27 3407872 --a------ C:\Documents and Settings\R o s y\ntuser.dat
2007-12-31 12:29:59 0 dr-h----- C:\Documents and Settings\J e a n\Recent


-- Find3M Report ---------------------------------------------------------------

2008-01-29 19:24:41 0 d-------- C:\Program Files\Fichiers communs
2008-01-29 18:56:18 0 d-------- C:\Program Files\Messenger
2008-01-29 18:48:13 0 d-------- C:\Program Files\Google
2008-01-29 11:08:06 0 d-------- C:\Program Files\splus
2008-01-29 08:27:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-22 15:16:17 0 d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-05 18:19:30 521472 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-01-05 18:19:30 89658 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-01-05 16:23:58 0 d-------- C:\Program Files\MSBuild
2008-01-05 16:08:59 0 d-------- C:\Program Files\Fichiers communs\InstallShield
2007-12-27 11:35:50 0 d-------- C:\Program Files\QuickTime
2007-12-25 11:50:32 0 d-------- C:\Program Files\Yahoo! Games
2007-12-17 06:06:01 0 d-------- C:\Documents and Settings\J e a n\Application Data\Help
2007-12-16 22:44:13 0 d-------- C:\Documents and Settings\J e a n\Application Data\uTorrent
2007-12-16 22:27:10 0 d-------- C:\Documents and Settings\J e a n\Application Data\InstallShield
2007-12-16 22:26:57 0 d-------- C:\Program Files\Fichiers communs\Remote Control Software Shared
2007-12-16 22:26:48 0 d-------- C:\Program Files\Fichiers communs\Remote Control USB Driver
2007-12-07 10:02:11 0 d-------- C:\Program Files\Andromede5
2007-12-06 18:59:38 0 d-------- C:\Program Files\Fichiers communs\DBase_Ena
2007-12-04 13:32:14 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-11-29 16:01:11 0 d-------- C:\Documents and Settings\J e a n\Application Data\Apple Computer
2007-11-09 01:16:33 0 --a----c- C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-26 21:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 08:42]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]
"PCMM2007RT"="C:\Program Files\PC MightyMax 2007\pcmm2007.exe" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 04:50 C:\WINDOWS\LOGI_MWX.EXE]
"InCD"="D:\Program Files\Nero 7\InCD\InCD.exe" [2006-08-22 10:42]
"CloneCDTray"="D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 14:14]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 19:52]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-29 19:10]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2008-01-29 19:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2006-10-31 21:27]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 21:24]
"AnyDVD"="D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 07:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Panda_cleaner"=C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{313377c2-eea6-11db-b52e-806d6172696f}]
AutoRun\command- F:\setup.exe -q

*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
*Newly Created Service* - YYKLTCGPMWXP



-- End of Deckard's System Scanner: finished at 2008-01-29 19:31:42 ------------