View Full Version : XP infected with Win32.FakeAlert.ttam and Win32.Palevo
French_User
2011-01-31, 22:37
Hello dear helpers!
My computer has been infected for one week now (I can't say how) and neither my antivirus nor my antispyware could fix the problems.
Here is my DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Andrea at 16:00:47,47 on 31/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2013.1232 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Program files annexes\MozyHome\mozybackup.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Andrea\Application Data\Microsoft\conhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Program files annexes\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Program files annexes\Le Petit Robert\prhyper.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\Program files annexes\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Andrea\Application Data\dwm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Drag-to-Disc\Drgtodsc.exe
C:\Program Files\Program files annexes\Firefox\firefox.exe
C:\Program Files\Program files annexes\Firefox\plugin-container.exe
C:\Documents and Settings\Andrea\Bureau\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearch Page = hxxp://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
uSearch Bar = hxxp://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56545
mSearchAssistant = hxxp://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr-smb
uWinlogon: Shell=explorer.exe,c:\documents and settings\andrea\application data\dwm.exe
uWindows: load=c:\docume~1\andrea\locals~1\temp\csrss.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\progra~1\spybot~1\SDHelper.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\fichiers communs\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Le Petit Robert Hyperappel] c:\program files\program files annexes\le petit robert\prhyper.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Connexion SFR 9props.exe] "c:\program files\sfr\kit\9props.exe" /trayicon
uRun: [SpybotSD TeaTimer] c:\program files\program files annexes\spybot - search & destroy\TeaTimer.exe
mRun: [PMX Daemon] ICO.EXE
mRun: c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NPSStartup]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\program files annexes\itunes\iTunesHelper.exe"
mRun: [conhost] c:\documents and settings\andrea\application data\microsoft\conhost.exe
mRunOnce: [Spybot - Search & Destroy] "c:\program files\program files annexes\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA2063] command.com /c del "c:\documents and settings\andrea\local settings\temp\csrss.exe"
mRunOnce: [SpybotDeletingC5697] cmd.exe /c del "c:\documents and settings\andrea\local settings\temp\csrss.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\thunde~1.lnk - c:\program files\program files annexes\thunderbird\thunderbird.exe
StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\~$A FAIRE__.docx
StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\~WRL0005.tmp
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\andrea\applic~1\mozilla\firefox\profiles\vf7c5akl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\program files annexes\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\program files annexes\opera 9.5\program\plugins\np_gp.dll
FF - plugin: c:\program files\program files annexes\opera 9.5\program\plugins\npdsplay.dll
FF - plugin: c:\program files\program files annexes\opera 9.5\program\plugins\NPOFF12.DLL
FF - plugin: c:\program files\program files annexes\opera 9.5\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\program files annexes\opera 9.5\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\program files annexes\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\program files annexes\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\program files annexes\firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\program files annexes\firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Taboo: taboo@runningfrombears.com - %profile%\extensions\taboo@runningfrombears.com
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: UpdateScanner: {c07d1a49-9894-49ff-a594-38960ede8fb9} - %profile%\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
FF - Ext: Wired-Marker: {e36db930-f18d-4449-b45f-e286cfb9e03a} - %profile%\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
FF - Ext: Hyperwords: {9A752782-D706-479b-98F8-3F66BF921692} - %profile%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Xmarks Searchtabs: xa@xmarks.com - %profile%\extensions\xa@xmarks.com
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-5-17 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-17 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 56816]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-20 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-20 36608]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S2 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007_fl\tt\lng\Dialogs1031.lng [2007-4-23 11264]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-7-7 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-7-7 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-6-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-6-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-6-20 121856]
S4 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" --> c:\program files\ma-config.com\maconfservice.exe [?]
=============== Created Last 30 ================
2011-01-31 14:10:36 -------- d-----w- c:\docume~1\andrea\applic~1\QuickScan
2011-01-31 10:28:06 -------- d-----w- c:\docume~1\andrea\locals~1\applic~1\Roxio
2011-01-31 08:58:32 184832 ----a-w- c:\docume~1\andrea\applic~1\dwm.exe
2011-01-29 10:56:39 193 ----a-w- c:\docume~1\andrea\applic~1\microsoft\gb_129609.bat
2011-01-08 10:40:18 -------- d-----w- c:\docume~1\andrea\locals~1\applic~1\Search and Replace
2011-01-05 14:51:12 -------- d-----w- c:\program files\iPod
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-05 14:42:36 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
==================== Find3M ====================
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:45 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:21:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:21:44 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:26:15 385024 ----a-w- c:\windows\system32\html.iec
============= FINISH: 16:01:19,04 ===============
[B]I then ran Spybot-S&D:
Win32.FakeAlert.ttam: [SBI $7799464D] Exécutable (File, nothing done)
C:\Documents and Settings\Andrea\Local Settings\Temp\csrss.exe
Properties.size=194048
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1296458207
Properties.filedatetext=2011-01-31 08:16:46
Win32.Palevo: [SBI $E243B4FE] Réglages utilisateur (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=...C:\Documents and Settings\Andrea\Application
Data\dwm.exe...
Win32.Palevo: [SBI $98023662] Exécutable (File, nothing done)
C:\Documents and Settings\Andrea\Application Data\dwm.exe
Properties.size=183808
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Properties.filedate=1296486832
Properties.filedatetext=2011-01-31 16:13:51
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-01-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-01-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-01-25 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-01-25 Includes\TrojansC-02.sbi (*)
2011-01-13 Includes\TrojansC-03.sbi (*)
2011-01-25 Includes\TrojansC-04.sbi (*)
2011-01-25 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
I disabled TeaTimer and when I rebooted my computer, Avira found an infected element and I put it in quarantine (but I can't find a log).
Spybot then only reported the following result:
Win32.Palevo: [SBI $E243B4FE] User settings (Registry value, fixed)
HKEY_USERS\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=...C:\Documents and Settings\Andrea\Application
Data\dwm.exe...
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-01-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-01-25 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2011-01-25 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-01-18 Includes\Spyware.sbi (*)
2011-01-18 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-01-25 Includes\TrojansC-02.sbi (*)
2011-01-13 Includes\TrojansC-03.sbi (*)
2011-01-25 Includes\TrojansC-04.sbi (*)
2011-01-25 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
I don't know if it's linked to the virus, but Firefox and Opera just refused to connect to the internet. The messages said the connexion was refused by the proxy server :confused:. I changed my browsers parameters to 'no proxy' and now I am able to access the internet again.
I had to use a USB key to save some datas and I fear it may be infected too (but I didn't use it on another computer).
Thank you in advance for your help!:thanks:
Dakeyras
2011-02-02, 21:44
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking. :)
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Scan With RKUnHooker:
Please Download Rootkit Unhooker (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE) Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note: You may get this warning it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Scan with RSIT:
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.Make sure that RSIT.exe is on the your Desktop before running the application!
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit
When completed the above, please post back the following in the order asked for:
How is your computer performing now, any further symptoms and or problems encountered?
RKUnHooker Log.
Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
French_User
2011-02-04, 00:23
Hi Dakeyras and thank you for your reply!
Concerning my computer's performance/problems encountered:
I only turned on my infected computer today. Spybot should have run a scan automatically (which I planned to stop in order to follow your recommandations) but it didn't even open.
Avira launched a scan automatically and detected TR/Agent.psa.33 [trojan]" in C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP4\A0000224.exe
Avira refused access.
When I browsed the internet, no more pop-up opened and I haven't been redirected to porno websites (contrary to the last time I used my computer).
I can't post the RKUnHooker Log because it's too long (860871 characters).
French_User
2011-02-04, 00:27
Logfile of random's system information tool 1.08 (written by random/random)
Run by Andrea at 2011-02-03 22:49:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 163 GB (53%) free of 305 GB
Total RAM: 2013 MB (60% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1219776839.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{1FCB9DD2-825C-4F2C-9A0B-B2EBF9E2BFB1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-05 322880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
Objet d'aide à la navigation SFR - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll [2009-10-15 165184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2001-08-10 388608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-07-15 806912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-05 542016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-07-15 806912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"=C:\WINDOWS\system32\ICO.EXE [2006-11-08 49152]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-12-05 1392640]
""= []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-05 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16132608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-06-13 69632]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-07-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-07-17 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-07-17 150040]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NPSStartup"= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\Program files annexes\iTunes\iTunesHelper.exe [2010-12-13 421160]
"conhost"=C:\Documents and Settings\Andrea\Application Data\Microsoft\conhost.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"Le Petit Robert Hyperappel"=C:\Program Files\Program files annexes\Le Petit Robert\prhyper.exe [2001-10-11 22560]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-10-15 959808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-14 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\Program files annexes\iTunes\iTunesHelper.exe [2010-12-13 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant Smart Wizard NETGEAR pour WG311v3.lnk]
C:\PROGRA~1\NETGEAR\WG111v3\WG111v3.exe [2008-07-01 1929216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Delivery Reader.lnk]
C:\PROGRA~1\PROGRA~1\Delivery\DELIVE~3.EXE [2010-12-15 2158728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NETGEAR WG111v3 Smart Wizard.lnk]
C:\PROGRA~1\NETGEAR\WG111v3\WG111v3.exe [2008-07-01 1929216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2
"RoxWatch9"=2
"RoxMediaDB9"=3
"maconfservice"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"Bonjour Service"=2
"Apple Mobile Device"=2
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Thunderbird.lnk - C:\Program Files\Program files annexes\Thunderbird\thunderbird.exe
~$A FAIRE__.docx
~WRL0005.tmp
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-07-03 217088]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\Program files annexes\World of Warcraft\WoW-2.4.2-frFR-downloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\WoW-2.4.2-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Program files annexes\Firefox\firefox.exe"="C:\Program Files\Program files annexes\Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Program files annexes\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Program files annexes\Warcraft III\Warcraft III.exe"="C:\Program Files\Program files annexes\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Documents and Settings\Andrea\Local Settings\Temp\Blizzard Launcher Temporary - 8cb2d738\Launcher.exe"="C:\Documents and Settings\Andrea\Local Settings\Temp\Blizzard Launcher Temporary - 8cb2d738\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Program files annexes\World of Warcraft\Launcher.exe"="C:\Program Files\Program files annexes\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"="C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Program files annexes\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Program files annexes\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Iomega\QuikProtect\QuikProtect.exe"="C:\Program Files\Iomega\QuikProtect\QuikProtect.exe:*:Enabled:QuikProtect"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Program files annexes\Opera 9.5\opera.exe"="C:\Program Files\Program files annexes\Opera 9.5\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Program files annexes\Skype\Phone\Skype.exe"="C:\Program Files\Program files annexes\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour"
"C:\Program Files\Program files annexes\World of Warcraft\Launcher.patch.exe"="C:\Program Files\Program files annexes\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Program files annexes\iTunes\iTunes.exe"="C:\Program Files\Program files annexes\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2011-02-03 22:49:33 ----D---- C:\Program Files\trend micro
2011-02-03 22:49:32 ----D---- C:\rsit
2011-01-31 15:57:55 ----D---- C:\WINDOWS\ERDNT
2011-01-31 15:56:37 ----D---- C:\Program Files\ERUNT
2011-01-31 15:10:36 ----D---- C:\Documents and Settings\Andrea\Application Data\QuickScan
2011-01-31 11:29:19 ----A---- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
2011-01-12 23:31:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2011-01-05 15:51:12 ----D---- C:\Program Files\iPod
2011-01-05 15:42:07 ----D---- C:\Program Files\QuickTime
======List of files/folders modified in the last 1 months======
2011-02-03 22:49:33 ----RD---- C:\Program Files
2011-02-03 22:49:27 ----D---- C:\WINDOWS\Prefetch
2011-02-03 13:42:48 ----D---- C:\WINDOWS\system32
2011-02-03 11:16:52 ----D---- C:\WINDOWS\system32\drivers
2011-02-03 10:49:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-03 10:39:42 ----D---- C:\WINDOWS\Temp
2011-02-03 10:30:38 ----D---- C:\WINDOWS\system32\CatRoot2
2011-02-03 10:29:30 ----D---- C:\WINDOWS
2011-01-31 19:58:25 ----SD---- C:\Documents and Settings\Andrea\Application Data\Microsoft
2011-01-31 16:15:40 ----RASH---- C:\boot.ini
2011-01-31 11:02:20 ----SHD---- C:\WINDOWS\Installer
2011-01-31 09:56:43 ----A---- C:\WINDOWS\wininit.ini
2011-01-28 22:18:45 ----SHD---- C:\System Volume Information
2011-01-28 22:18:45 ----D---- C:\WINDOWS\system32\Restore
2011-01-28 19:52:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-12 23:31:49 ----A---- C:\WINDOWS\system32\MRT.exe
2011-01-12 23:31:46 ----HD---- C:\WINDOWS\inf
2011-01-12 23:31:39 ----SHD---- C:\WINDOWS\system32\dllcache
2011-01-12 08:26:44 ----HD---- C:\WINDOWS\$hf_mig$
2011-01-09 16:25:15 ----A---- C:\WINDOWS\rcwin.ini
2011-01-08 11:39:33 ----D---- C:\Program Files\Program files annexes
2011-01-05 15:51:12 ----D---- C:\Program Files\Fichiers communs\Apple
2011-01-04 21:23:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2011-01-04 21:23:34 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-07-23 14576]
R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-07-23 99808]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2007-06-13 304920]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 mozyFilter;mozyFilter; C:\WINDOWS\system32\DRIVERS\mozy.sys [2008-07-14 53752]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-05-18 28520]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-06 21035]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-05-18 56816]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9136]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-07-03 6043040]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-13 4403712]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\WINDOWS\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-12-05 604928]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 E100B;Pilote de carte Intel (R) PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-26 254872]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-02 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-02 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-11-02 21568]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2007-06-01 18432]
S3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2007-05-24 14336]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-05-18 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-05-18 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-04-07 233472]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\Program files annexes\MozyHome\mozybackup.exe [2008-07-14 87344]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 NewServiceInstall1;NewServiceInstall1; C:\Program Files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [2007-04-23 11264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-07 658432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 stllssvr;stllssvr; C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
S4 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S4 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S4 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-12-05 20480]
-----------------EOF-----------------
French_User
2011-02-04, 00:28
info.txt logfile of random's system information tool 1.08 2011-02-03 22:49:35
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
2007 Microsoft Office Suite Service Pack 2 (SP2)-->msiexec /package {91120000-0013-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}
7-Zip 4.57-->"C:\Program Files\Program files annexes\7-Zip\Uninstall.exe"
ActivePerl 5.8.3 Build 809-->MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Anki-->"C:\Program Files\Program files annexes\Anki\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Correctif pour Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Delivery-->"C:\Program Files\Program files annexes\Delivery\uninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Désinstaller Le Petit Robert de la langue française-->C:\WINDOWS\IsUn040c.exe -f"c:\program files\program files annexes\Le Petit Robert\Uninst.isu"
Doom 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fallout-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}\Setup.exe" -l0x9 -removeonly
FileZilla Client 3.3.0.1-->C:\Program Files\Program files annexes\FileZillaFTPClient\uninstall.exe
Flickr Uploadr 3.0.5-->"C:\Program Files\Program files annexes\Flickr Uploadr\uninstall.exe"
Flock 1.2-->C:\Program Files\Program files annexes\Flock\uninst.exe
Freecorder Toolbar 3.02 Application-->"C:\WINDOWS\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Program files annexes\FLVPlayer\Freecorder Toolbar\Uninstall\uninstall.xml"
FreeMind-->"C:\Program Files\Program files annexes\FreeMind\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Driver Software 10.0 Rel .2-->C:\Program Files\Hewlett-Packard\Digital Imaging\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}\setup\hpzscr01.exe -datfile hposcr21.dat -onestop
HP Photosmart Essential 2.5-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
hp psc 2200 series-->MsiExec.exe /X{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}
HP Smart Web Printing-->C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PRO Network Connections 12.1.8.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iTunes-->MsiExec.exe /I{881F5DE8-9367-4B81-A325-E91BBC6472F9}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
jEdit 4.2-->"C:\Program Files\Program files annexes\jEdit\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Office Basic 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall BASICR /dll OSETUP.DLL
Microsoft Office Basic 2007-->MsiExec.exe /X{91120000-0013-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Mouse Suite for Desktop Computers-->C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\setup.exe -runfromtemp -l0x040c -removeonly
Mozilla Firefox (3.6.13)-->C:\Program Files\Program files annexes\Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.1.7)-->C:\Program Files\Program files annexes\Thunderbird\uninstall\helper.exe
MozyHome 1.8.10.0-->"C:\Program Files\Program files annexes\MozyHome\uninstall\unins000.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x040c
OCR Software by I.R.I.S. 10.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OmegaT version 1.7.3_02-->"C:\Program Files\Program files annexes\OmegaT\unins000.exe"
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Opera 11.01-->"C:\Program Files\Program files annexes\Opera 9.5\Opera.exe" /uninstall
Oxford Advanced Genie-->C:\WINDOWS\IsUninst.exe -f"c:\program files\program files annexes\Oxford\GAS001OU\Uninst.isu"
Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6765.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\Program files annexes\PDFCreator\unins000.exe
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 2200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Picasa 3-->"C:\Program Files\Program files annexes\Picasa3\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x40c -cluninstall
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x0809 -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0809 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
SDL MultiTerm 2007 Desktop-->MsiExec.exe /I{8302F817-9F82-40F2-8149-8BB50B0250F7}
SDL Trados 2007 Freelance-->MsiExec.exe /I{43BD0C58-6E6E-4500-AFB0-263423319604}
SDL Trados Synergy 2007-->MsiExec.exe /X{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}
SDLX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE98383B-7BB4-457C-AEAB-D89E9537628F}\setup.exe" -l0x9
Search and Replace-->"C:\Program Files\Program files annexes\SR\unins000.exe"
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
Shop for HP Supplies-->C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Spybot - Search & Destroy-->"C:\Program Files\Program files annexes\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Program files annexes\World of Warcraft\TS\Teamspeak2_RC2\unins000.exe"
Time Stamp-->"C:\Program Files\Program files annexes\Time Stamp\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack*3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======Security center information======
AV: AntiVir Desktop (outdated)
======System event log======
Computer Name: VOSTRO
Event Code: 7036
Message: Le service Gestionnaire de connexion automatique d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 53655
Source Name: Service Control Manager
Time Written: 20101205102015.000000+060
Event Type: Informations
User:
Computer Name: VOSTRO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Hôte de périphérique universel Plug-and-Play.
Record Number: 53654
Source Name: Service Control Manager
Time Written: 20101205102015.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: VOSTRO
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexion automatique d'accès distant.
Record Number: 53653
Source Name: Service Control Manager
Time Written: 20101205102015.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: VOSTRO
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.
Record Number: 53652
Source Name: Service Control Manager
Time Written: 20101205102014.000000+060
Event Type: Informations
User:
Computer Name: VOSTRO
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.
Record Number: 53651
Source Name: Service Control Manager
Time Written: 20101205102014.000000+060
Event Type: Informations
User:
=====Application event log=====
Computer Name: VOSTRO
Event Code: 1
Message: Service started
Record Number: 9309
Source Name: sprtsvc_dellsupportcenter
Time Written: 20100509121605.000000+120
Event Type: Informations
User:
Computer Name: VOSTRO
Event Code: 100
Message: Service started
Record Number: 9308
Source Name: Bonjour Service
Time Written: 20100509121602.000000+120
Event Type: Informations
User:
Computer Name: VOSTRO
Event Code: 8
Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Le serveur spécifié ne peut pas exécuter l'opération demandée.
Record Number: 9307
Source Name: crypt32
Time Written: 20100508171250.000000+120
Event Type: erreur
User:
Computer Name: VOSTRO
Event Code: 8
Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.
Record Number: 9306
Source Name: crypt32
Time Written: 20100508171250.000000+120
Event Type: erreur
User:
Computer Name: VOSTRO
Event Code: 8
Message: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.
Record Number: 9305
Source Name: crypt32
Time Written: 20100508171208.000000+120
Event Type: erreur
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;C:\Program Files\Program files annexes\Active Perl\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared\;C:\Program Files\SDL International\SDLX;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Fichiers communs\Roxio Shared\9.0\Roxio Central33\
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Dakeyras
2011-02-04, 01:21
Hi. :)
thank you for your reply!
You're welcome!
Download/run Rkill:
Please download Rkill from one of the following links and save it to your Desktop(If one fails to work delete it and download/try another):
One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com),Three (http://download.bleepingcomputer.com/grinler/rkill.scr), Four (http://download.bleepingcomputer.com/grinler/iExplore.exe) or Five (http://download.bleepingcomputer.com/grinler/eXplorer.exe)
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
Double click on Rkill.
A command window will open then disappear upon completion, this is normal.
Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.
Next:
I only turned on my infected computer today. Spybot should have run a scan automatically (which I planned to stop in order to follow your recommandations) but it didn't even open.
OK, as a precaution less Spybot hinders the Malware Removal Process please uninstall this. By all means you may reinstall the application once I give the all clear.
Note: If you were asked to reboot your machine after the Spybot' uninstalltion, re-run Rkill again.
Next:
Avira launched a scan automatically and detected TR/Agent.psa.33 [trojan]" in C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP4\A0000224.exe
Avira refused access.At present Avira AntiVir appears to be partially hindered by the malware still present on your machine...For future reference during the course of the Malware Removal Process if Avira AntiVir atrempts/offers to remove the aforementioned or similar deny such. Reason being it is detecting a infected System Restore Point...And even a infected one is still useful actually/can be used, if removed it can(will)render that particular System Restore Point useless. When I give the all clear we can address the System Restore Point(s) in a safe manner.
Next:
I can't post the RKUnHooker Log because it's too long (860871 characters).
OK we will try a different scan(TDSSKiller) and in the event this one's log is to large to post, merely send it to a Zip File using the 7-Zip you have installed and post it as a attachment in your next reply.
Scan with TDSSKiller:
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract (unzip) it to your Desktop.
Right-click on TDSSKiller.exe and select Rename, rename it iexplore
Double click on iexplore to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
Rkill Log.
TDSSKiller Log.
French_User
2011-02-06, 00:03
Hi!
Concerning my computer's performance/problems encountered:
Before I started a thread on this forum, I tried to solve the problem myself following some instructions I read on French websites. I read several times to check Disable System Restore, so I did it. Later I found it was no good idea and I uncheked it.
Moreover I relied on Spybot to fix the problems it detected (among them a csrss file) and since then, when my computer starts, a message warns me that Windows can't find csrss.exe.
I am sorry I completely forgot to mention that in my previous posts :oops:.
Yesterday and today Antivir update failed.
Rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 05/02/2011 at 22:34:52.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\runonce.exe
C:\WINDOWS\system32\grpconv.exe
Rkill completed on 05/02/2011 at 22:34:55.
TDSSKiller Log:
2011/02/05 23:22:02.0703 0812 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/05 23:22:03.0125 0812 ================================================================================
2011/02/05 23:22:03.0125 0812 SystemInfo:
2011/02/05 23:22:03.0125 0812
2011/02/05 23:22:03.0125 0812 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/05 23:22:03.0125 0812 Product type: Workstation
2011/02/05 23:22:03.0125 0812 ComputerName: VOSTRO
2011/02/05 23:22:03.0125 0812 UserName: Andrea
2011/02/05 23:22:03.0125 0812 Windows directory: C:\WINDOWS
2011/02/05 23:22:03.0125 0812 System windows directory: C:\WINDOWS
2011/02/05 23:22:03.0125 0812 Processor architecture: Intel x86
2011/02/05 23:22:03.0125 0812 Number of processors: 2
2011/02/05 23:22:03.0125 0812 Page size: 0x1000
2011/02/05 23:22:03.0125 0812 Boot type: Normal boot
2011/02/05 23:22:03.0125 0812 ================================================================================
2011/02/05 23:22:03.0359 0812 Initialize success
2011/02/05 23:22:12.0140 3756 ================================================================================
2011/02/05 23:22:12.0140 3756 Scan started
2011/02/05 23:22:12.0140 3756 Mode: Manual;
2011/02/05 23:22:12.0140 3756 ================================================================================
2011/02/05 23:22:12.0906 3756 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/05 23:22:12.0953 3756 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/05 23:22:13.0015 3756 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/05 23:22:13.0031 3756 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/05 23:22:13.0078 3756 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/05 23:22:13.0156 3756 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/05 23:22:13.0218 3756 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/05 23:22:13.0281 3756 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/05 23:22:13.0312 3756 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/02/05 23:22:13.0343 3756 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/02/05 23:22:13.0359 3756 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/05 23:22:13.0375 3756 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/05 23:22:13.0406 3756 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/02/05 23:22:13.0437 3756 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/02/05 23:22:13.0468 3756 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/02/05 23:22:13.0500 3756 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/02/05 23:22:13.0531 3756 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/02/05 23:22:13.0546 3756 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/02/05 23:22:13.0562 3756 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/02/05 23:22:13.0625 3756 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/05 23:22:13.0671 3756 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/05 23:22:13.0703 3756 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/05 23:22:13.0750 3756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/05 23:22:13.0921 3756 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/05 23:22:13.0968 3756 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/02/05 23:22:14.0031 3756 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/02/05 23:22:14.0109 3756 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/02/05 23:22:14.0156 3756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/05 23:22:14.0203 3756 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/05 23:22:14.0218 3756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/05 23:22:14.0250 3756 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/02/05 23:22:14.0265 3756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/05 23:22:14.0281 3756 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/05 23:22:14.0312 3756 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/05 23:22:14.0375 3756 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/02/05 23:22:14.0406 3756 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/02/05 23:22:14.0437 3756 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/02/05 23:22:14.0453 3756 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/02/05 23:22:14.0484 3756 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/05 23:22:14.0500 3756 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2011/02/05 23:22:14.0515 3756 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2011/02/05 23:22:14.0531 3756 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/02/05 23:22:14.0546 3756 DLADResM (86dfc5bae3878cfabde1430475bd52a7) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2011/02/05 23:22:14.0562 3756 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2011/02/05 23:22:14.0609 3756 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2011/02/05 23:22:14.0625 3756 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2011/02/05 23:22:14.0640 3756 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/02/05 23:22:14.0656 3756 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2011/02/05 23:22:14.0671 3756 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2011/02/05 23:22:14.0718 3756 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/05 23:22:14.0750 3756 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/05 23:22:14.0765 3756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/05 23:22:14.0812 3756 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/05 23:22:14.0859 3756 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/05 23:22:14.0921 3756 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/05 23:22:14.0937 3756 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/02/05 23:22:14.0953 3756 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/02/05 23:22:15.0000 3756 E100B (1961f8b618e3c20df54c146b294efd2a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/05 23:22:15.0031 3756 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/02/05 23:22:15.0109 3756 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
2011/02/05 23:22:15.0140 3756 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/05 23:22:15.0187 3756 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/05 23:22:15.0234 3756 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/05 23:22:15.0281 3756 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/05 23:22:15.0296 3756 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/05 23:22:15.0390 3756 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/02/05 23:22:15.0468 3756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/05 23:22:15.0484 3756 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/05 23:22:15.0546 3756 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/05 23:22:15.0578 3756 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/05 23:22:15.0609 3756 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/05 23:22:15.0625 3756 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/05 23:22:15.0671 3756 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/05 23:22:15.0734 3756 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/05 23:22:15.0781 3756 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/05 23:22:15.0828 3756 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/05 23:22:15.0906 3756 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/05 23:22:15.0921 3756 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/05 23:22:15.0953 3756 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/05 23:22:15.0984 3756 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/05 23:22:16.0156 3756 ialm (c56fc0970b453e68eba1c78ae36185a8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/02/05 23:22:16.0312 3756 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2011/02/05 23:22:16.0375 3756 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/05 23:22:16.0421 3756 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/05 23:22:16.0562 3756 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/05 23:22:16.0625 3756 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/05 23:22:16.0656 3756 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/05 23:22:16.0703 3756 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/05 23:22:16.0750 3756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/05 23:22:16.0781 3756 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/05 23:22:16.0828 3756 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/05 23:22:16.0843 3756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/05 23:22:16.0875 3756 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/05 23:22:16.0906 3756 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/05 23:22:16.0953 3756 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/05 23:22:16.0968 3756 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/05 23:22:17.0000 3756 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/05 23:22:17.0031 3756 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/05 23:22:17.0093 3756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/05 23:22:17.0125 3756 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/05 23:22:17.0125 3756 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/05 23:22:17.0187 3756 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/05 23:22:17.0203 3756 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/05 23:22:17.0234 3756 mozyFilter (e7c89c1a714cc146bcbeccc41c902553) C:\WINDOWS\system32\DRIVERS\mozy.sys
2011/02/05 23:22:17.0250 3756 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/05 23:22:17.0265 3756 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/05 23:22:17.0328 3756 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/05 23:22:17.0343 3756 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/05 23:22:17.0406 3756 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/05 23:22:17.0406 3756 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/05 23:22:17.0437 3756 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/05 23:22:17.0453 3756 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/05 23:22:17.0468 3756 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/05 23:22:17.0484 3756 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/05 23:22:17.0531 3756 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/05 23:22:17.0546 3756 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/05 23:22:17.0562 3756 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/05 23:22:17.0625 3756 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/05 23:22:17.0640 3756 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/05 23:22:17.0671 3756 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/05 23:22:17.0718 3756 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/05 23:22:17.0750 3756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/05 23:22:17.0781 3756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/05 23:22:17.0859 3756 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/05 23:22:17.0937 3756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/05 23:22:17.0953 3756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/05 23:22:18.0000 3756 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/05 23:22:18.0015 3756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/05 23:22:18.0062 3756 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/05 23:22:18.0093 3756 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/02/05 23:22:18.0125 3756 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/05 23:22:18.0140 3756 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/05 23:22:18.0171 3756 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/05 23:22:18.0250 3756 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/05 23:22:18.0281 3756 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/05 23:22:18.0343 3756 pmxmouse (fab495f1defeb596c44b9752a25e2a60) C:\WINDOWS\system32\DRIVERS\pmxmouse.sys
2011/02/05 23:22:18.0359 3756 pmxusblf (1971e853b598bf9baabff2b652e5cd4d) C:\WINDOWS\system32\DRIVERS\pmxusblf.sys
2011/02/05 23:22:18.0390 3756 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/05 23:22:18.0421 3756 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/05 23:22:18.0437 3756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/05 23:22:18.0484 3756 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/05 23:22:18.0500 3756 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/05 23:22:18.0515 3756 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/05 23:22:18.0531 3756 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/05 23:22:18.0578 3756 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/05 23:22:18.0625 3756 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/05 23:22:18.0656 3756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/05 23:22:18.0687 3756 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/05 23:22:18.0703 3756 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/05 23:22:18.0718 3756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/05 23:22:18.0750 3756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/05 23:22:18.0765 3756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/05 23:22:18.0781 3756 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/05 23:22:18.0828 3756 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/05 23:22:18.0875 3756 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/05 23:22:18.0984 3756 RTL8187B (60aecd4284317784111716bb88342f46) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
2011/02/05 23:22:19.0046 3756 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/02/05 23:22:19.0140 3756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/05 23:22:19.0187 3756 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/05 23:22:19.0203 3756 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/05 23:22:19.0265 3756 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/05 23:22:19.0328 3756 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/05 23:22:19.0359 3756 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/05 23:22:19.0406 3756 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/05 23:22:19.0421 3756 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/05 23:22:19.0500 3756 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/05 23:22:19.0546 3756 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/02/05 23:22:19.0593 3756 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2011/02/05 23:22:19.0609 3756 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2011/02/05 23:22:19.0640 3756 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2011/02/05 23:22:19.0687 3756 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/05 23:22:19.0718 3756 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/05 23:22:19.0765 3756 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/05 23:22:19.0781 3756 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/05 23:22:19.0812 3756 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/05 23:22:19.0828 3756 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/05 23:22:19.0859 3756 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/05 23:22:19.0937 3756 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/05 23:22:20.0015 3756 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/05 23:22:20.0046 3756 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/05 23:22:20.0093 3756 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/05 23:22:20.0125 3756 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/05 23:22:20.0187 3756 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/05 23:22:20.0234 3756 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/05 23:22:20.0281 3756 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/05 23:22:20.0359 3756 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/05 23:22:20.0437 3756 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/05 23:22:20.0453 3756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/05 23:22:20.0515 3756 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/05 23:22:20.0546 3756 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/05 23:22:20.0578 3756 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/05 23:22:20.0625 3756 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/05 23:22:20.0703 3756 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/05 23:22:20.0750 3756 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/05 23:22:20.0765 3756 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/05 23:22:20.0812 3756 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/05 23:22:20.0859 3756 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/05 23:22:20.0921 3756 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/05 23:22:21.0156 3756 ================================================================================
2011/02/05 23:22:21.0156 3756 Scan finished
2011/02/05 23:22:21.0156 3756 ================================================================================
Dakeyras
2011-02-06, 00:59
Hi. :)
Before I started a thread on this forum, I tried to solve the problem myself following some instructions I read on French websites. I read several times to check Disable System Restore, so I did it. Later I found it was no good idea and I uncheked it.
Moreover I relied on Spybot to fix the problems it detected (among them a csrss file) and since then, when my computer starts, a message warns me that Windows can't find csrss.exe.
I am sorry I completely forgot to mention that in my previous posts :oops:.
Ok fair play and thank you for being so forthright with myself. ;)
Next:
Please create a Registry Back-Up with Erunt as a precaution:-
Click on Start >> Run...(or depress the Windows key and R together) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\Andrea-Backup
and click on OK.
Note: If you have uninstalled ERUNT, please inform myself before proceeding any further.
Download/Run ComboFix:
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html) <-- Click on this link.Please include the C:\ComboFix.txt in your next reply for further review.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any other symptoms and or problems encountered?
ComboFix Log.
A new DDS Log.
French_User
2011-02-06, 23:11
Hello!
Before I run ComboFix, I'd like to know if I should also disable my firewall?
Dakeyras
2011-02-06, 23:39
Aye by all means do so. :)
French_User
2011-02-07, 11:30
Hi!
I followed your instructions but when Combofix was almost finished, a blue screen with BAD_POOL_HEADER appeared! Fortunately Windows recovered when I started again my computer. The technical data of the blue screen said:
***STOP:0x00000019 (0x00000020, 0x8A642970, 0x8A642D88, 0x1A830001).
Windows report is:
BCCode : 19 BCP1 : 00000020 BCP2 : 8A642970 BCP3 : 8A642D88
BCP4 : 1A830001 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
C:\DOCUME~1\Andrea\LOCALS~1\Temp\WERa8ca.dir00\Mini020711-01.dmp
C:\DOCUME~1\Andrea\LOCALS~1\Temp\WERa8ca.dir00\sysdata.xml
An Internet Explorer icon has appeared on my Desktop (I use Firefox) after I started my computer again.
(When I looked for antivirus/antispyware programs that may be on my computer, I used the add/remove program function of Windows. I removed only one program that had nothing to do with my computer security but it was not useful. I Wonder if it might have caused the problem.)
I can't find the ComboFix log nor the .txt.
Here is the new DDS log:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Andrea at 11:28:24,93 on 07/02/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2013.1283 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Program files annexes\MozyHome\mozybackup.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Program files annexes\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Program files annexes\Le Petit Robert\prhyper.exe
C:\Program Files\SFR\Kit\9props.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Program files annexes\Firefox\firefox.exe
C:\Program Files\Program files annexes\Firefox\plugin-container.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Andrea\Bureau\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:56545
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Objet d'aide à la navigation SFR: {0f6e720a-1a6b-40e1-a294-1d4d19f156c8} - c:\program files\sfr\kit\SFRNavErrorHelper.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
uRun: [ISUSPM] "c:\program files\fichiers communs\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Le Petit Robert Hyperappel] c:\program files\program files annexes\le petit robert\prhyper.exe
uRun: [Connexion SFR 9props.exe] "c:\program files\sfr\kit\9props.exe" /trayicon
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NPSStartup]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\program files annexes\itunes\iTunesHelper.exe"
mRun: [conhost] c:\documents and settings\andrea\application data\microsoft\conhost.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\thunde~1.lnk - c:\program files\program files annexes\thunderbird\thunderbird.exe
StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\~$A FAIRE__.docx
StartupFolder: c:\documents and settings\all users\menu démarrer\programmes\démarrage\~WRL0005.tmp
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\andrea\applic~1\mozilla\firefox\profiles\vf7c5akl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\andrea\application data\mozilla\firefox\profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\program files annexes\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\program files annexes\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\program files annexes\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\program files annexes\firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\program files annexes\firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Taboo: taboo@runningfrombears.com - %profile%\extensions\taboo@runningfrombears.com
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: UpdateScanner: {c07d1a49-9894-49ff-a594-38960ede8fb9} - %profile%\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
FF - Ext: Wired-Marker: {e36db930-f18d-4449-b45f-e286cfb9e03a} - %profile%\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
FF - Ext: Hyperwords: {9A752782-D706-479b-98F8-3F66BF921692} - %profile%\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: meebo: firefox@meebo.com - %profile%\extensions\firefox@meebo.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Names Dictionary for rikaichan: {566D6332-1439-43bf-857E-7AD5F137AD0C} - %profile%\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Xmarks Searchtabs: xa@xmarks.com - %profile%\extensions\xa@xmarks.com
FF - Ext: Rikaichan Japanese-English Dictionary File: rikaichan-jpen@polarcloud.com - %profile%\extensions\rikaichan-jpen@polarcloud.com
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-5-17 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2010-5-17 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-17 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-12 56816]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-6-20 233472]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-20 36608]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-12-28 287232]
S2 NewServiceInstall1;NewServiceInstall1;c:\program files\sdl international\t2007_fl\tt\lng\Dialogs1031.lng [2007-4-23 11264]
S3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2008-7-7 18432]
S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2008-7-7 14336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-6-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-6-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-6-20 121856]
S4 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" --> c:\program files\ma-config.com\maconfservice.exe [?]
=============== Created Last 30 ================
2011-02-07 09:26:00 -------- d-sha-r- C:\cmdcons
2011-02-07 09:22:32 98816 ----a-w- c:\windows\sed.exe
2011-02-07 09:22:32 89088 ----a-w- c:\windows\MBR.exe
2011-02-07 09:22:32 256512 ----a-w- c:\windows\PEV.exe
2011-02-07 09:22:32 161792 ----a-w- c:\windows\SWREG.exe
2011-02-07 09:22:27 -------- d-----w- C:\ComboFix
2011-02-03 21:49:33 -------- d-----w- c:\program files\trend micro
2011-01-31 14:10:36 -------- d-----w- c:\docume~1\andrea\applic~1\QuickScan
2011-01-31 10:28:06 -------- d-----w- c:\docume~1\andrea\locals~1\applic~1\Roxio
2011-01-29 10:56:39 193 ----a-w- c:\docume~1\andrea\applic~1\microsoft\gb_129609.bat
2011-01-08 10:40:18 -------- d-----w- c:\docume~1\andrea\locals~1\applic~1\Search and Replace
==================== Find3M ====================
2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:45 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
============= FINISH: 11:28:37,45 ===============
Dakeyras
2011-02-07, 18:04
Hi. :)
Most unfortunate what has happened but thank you for the detailed report of what actually occurred. Now it could be several reasons that explain this serious of events, so for myself to be better able to ascertain what is the exact culprit/problems. I am going to ask your good self run a different in-depth scanning application shortly.
An Internet Explorer icon has appeared on my Desktop (I use Firefox) after I started my computer again.
That is fine, part of the ComboFix process puts a shortcut for Internet Explorer on the Desktop. You may delete it if you wish.
Scan with OTL:
Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.
Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).
Double-click on OTL.exe to start OTL.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
French_User
2011-02-07, 21:16
Nothing special about my computer. It seems it has a normal behaviour!
French_User
2011-02-07, 21:16
OTL logfile created on: 07/02/2011 21:11:06 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Andrea\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,02 Gb Total Space | 160,96 Gb Free Space | 54,01% Space Free | Partition Type: NTFS
Computer Name: VOSTRO | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Andrea\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Program files annexes\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Program files annexes\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\SFR\Kit\9props.exe (SFR)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Program files annexes\Le Petit Robert\PRHYPER.EXE ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Andrea\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (maconfservice) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (stllssvr) -- C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (NewServiceInstall1) -- C:\Program Files\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng ()
SRV - (RoxMediaDB9) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (pmxmouse) -- C:\WINDOWS\system32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\WINDOWS\system32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/fr_fr?hl=fr&client=dell-row&channel=fr-smb&ibd=0080703
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56545
========== FireFox ==========
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Program files annexes\Flock\flock\plugins [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Program files annexes\Flock\flock\components [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Program files annexes\Firefox\components [2011/01/09 09:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Program files annexes\Firefox\plugins [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Program files annexes\Thunderbird\components [2011/01/05 15:42:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Program files annexes\Thunderbird\plugins
[2010/08/05 22:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Extensions
[2010/08/05 22:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/20 14:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/02/07 20:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions
[2010/02/13 11:54:35 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/10/22 08:35:58 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/11/04 09:57:57 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/07/08 08:12:27 | 000,000,000 | ---D | M] (Abstract Classic) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{2fbc1200-ad13-11db-abbd-0800200c9a66}
[2010/04/07 11:37:47 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/11/23 20:41:27 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2009/11/23 20:38:11 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/11/04 09:57:57 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/12/05 16:42:11 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
[2010/06/26 22:00:31 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2010/07/26 19:50:34 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2010/09/30 08:48:49 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/07/08 08:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{bbc21d30-1cff-11da-8cd6-0800200c9a66}
[2010/08/26 08:28:47 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
[2010/07/03 20:56:45 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/05/23 08:30:00 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011/01/31 15:10:25 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/02/13 11:54:39 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010/03/21 12:57:37 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009/02/20 09:47:48 | 000,000,000 | ---D | M] ("Bookmark Previews") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\bookmarkpreviews@mozdev.org
[2011/01/08 11:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\engine@conduit.com
[2010/07/26 19:50:38 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\fastdial@telega.phpnet.us
[2008/07/16 11:00:12 | 000,000,000 | ---D | M] (meebo) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\firefox@meebo.com
[2010/09/30 08:48:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\foxmarks@kei.com
[2009/04/25 01:45:31 | 000,000,000 | ---D | M] ("Morning Coffee") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\morningCoffee@shaneliesegang
[2010/07/23 12:32:30 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\rikaichan-jpen@polarcloud.com
[2009/02/07 12:34:26 | 000,000,000 | ---D | M] (Scryve) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\scryve@digitalglue.in
[2010/02/13 11:55:52 | 000,000,000 | ---D | M] (Taboo) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\taboo@runningfrombears.com
[2008/07/08 09:49:22 | 000,000,000 | ---D | M] ("readlater") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\to@read.later
[2010/02/13 11:55:41 | 000,000,000 | ---D | M] ("Xmarks Searchtabs") -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\xa@xmarks.com
[2010/10/25 10:38:41 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Andrea\Application Data\Mozilla\Firefox\Profiles\vf7c5akl.default\extensions\zotero@chnm.gmu.edu
O1 HOSTS File: ([2004/08/05 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\..\Toolbar\ShellBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [conhost] File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005..\Run: [ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Program files annexes\Le Petit Robert\PRHYPER.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 13:18:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/02/07 21:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape5
[2011/02/07 21:07:08 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Bureau\OTL.exe
[2011/02/07 10:51:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/02/07 10:26:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/07 10:22:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/07 10:22:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/07 10:22:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/07 10:22:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/07 10:22:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/02/07 10:21:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/07 10:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape4
[2011/02/05 12:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape3
[2011/02/03 22:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/02/03 22:49:32 | 000,000,000 | ---D | C] -- C:\rsit
[2011/02/03 22:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape2
[2011/02/03 22:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\etape1
[2011/01/31 15:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/31 15:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/01/31 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/31 15:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Application Data\QuickScan
[2011/01/31 12:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\sauvostro1
[2011/01/31 12:03:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\Sauvegarde_Vostro2011
[2011/01/31 11:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Local Settings\Application Data\Roxio
[2011/01/28 15:50:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe
[2011/01/24 12:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\gengokoukan
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp files -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/02/07 21:07:15 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrea\Bureau\OTL.exe
[2011/02/07 21:05:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FCB9DD2-825C-4F2C-9A0B-B2EBF9E2BFB1}.job
[2011/02/07 20:28:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/02/07 20:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/07 20:18:50 | 2110,947,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/07 10:26:04 | 000,000,356 | RHS- | M] () -- C:\boot.ini
[2011/02/07 10:19:10 | 004,264,433 | R--- | M] () -- C:\Documents and Settings\Andrea\Bureau\ComboFix.exe
[2011/02/05 12:48:22 | 000,720,369 | ---- | M] () -- C:\Documents and Settings\Andrea\Bureau\rkill.exe
[2011/02/05 12:38:02 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/31 16:15:40 | 000,000,246 | ---- | M] () -- C:\Boot.bak
[2011/01/31 16:13:32 | 000,021,592 | ---- | M] () -- C:\Documents and Settings\Andrea\Application Data\AF4E.1BE
[2011/01/31 15:59:29 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Andrea\Bureau\dds.scr
[2011/01/31 12:19:48 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 11:02:28 | 000,001,796 | ---- | M] () -- C:\Documents and Settings\Andrea\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/31 09:56:43 | 000,001,007 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/01/28 15:51:36 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe
[2011/01/28 15:16:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/09 16:25:15 | 000,000,142 | ---- | M] () -- C:\WINDOWS\rcwin.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp files -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/02/07 10:26:04 | 000,000,246 | ---- | C] () -- C:\Boot.bak
[2011/02/07 10:26:01 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2011/02/07 10:22:32 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/07 10:22:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/07 10:22:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/07 10:22:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/07 10:22:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/07 10:18:37 | 004,264,433 | R--- | C] () -- C:\Documents and Settings\Andrea\Bureau\ComboFix.exe
[2011/02/05 12:48:17 | 000,720,369 | ---- | C] () -- C:\Documents and Settings\Andrea\Bureau\rkill.exe
[2011/01/31 15:59:28 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Andrea\Bureau\dds.scr
[2011/01/31 11:29:19 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2011/01/31 11:02:28 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/01/31 11:02:28 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Opera.lnk
[2011/01/24 12:28:28 | 000,021,592 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\AF4E.1BE
[2010/08/11 22:00:42 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/20 10:53:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/06/20 10:53:17 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/06/20 10:52:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Andrea\Application Data\$_hpcst$.hpc
[2009/11/06 15:58:17 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4969.dll
[2008/08/27 20:56:28 | 000,000,373 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/08/26 19:16:06 | 000,001,035 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/13 19:26:22 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/15 16:47:05 | 000,015,397 | ---- | C] () -- C:\Program Files\settings.dat
[2008/07/10 17:37:39 | 000,000,157 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2008/07/09 13:56:03 | 000,000,142 | ---- | C] () -- C:\WINDOWS\rcwin.ini
[2008/07/07 16:21:31 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\SX32W.DLL
[2008/07/07 16:01:10 | 000,000,070 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2008/07/07 16:01:06 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2008/07/07 16:01:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\idiom010227.dll
[2008/07/07 16:01:05 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2008/07/07 16:01:04 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2008/07/07 16:01:02 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
[2008/07/07 15:43:19 | 000,000,080 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2008/07/07 13:44:42 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Andrea\Local Settings\Application Data\fusioncache.dat
[2008/07/02 23:24:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/02 23:12:17 | 000,001,007 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/02 23:11:25 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/07/02 23:11:24 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/07/02 23:11:07 | 000,131,070 | ---- | C] () -- C:\WINDOWS\System32\DellPM.ini
[2008/07/02 22:49:11 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/07/02 22:48:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/07/02 22:47:40 | 000,001,450 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/09/20 23:02:32 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/20 23:02:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/05/02 23:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2004/08/19 13:27:50 | 000,000,821 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 13:14:48 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/19 13:10:38 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
< End of report >
French_User
2011-02-07, 21:18
OTL Extras logfile created on: 07/02/2011 21:11:06 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Andrea\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,02 Gb Total Space | 160,96 Gb Free Space | 54,01% Space Free | Partition Type: NTFS
Computer Name: VOSTRO | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Program files annexes\Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Program files annexes\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Program files annexes\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Program files annexes\World of Warcraft\WoW-2.4.2-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-2.4.2-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Program files annexes\Firefox\firefox.exe" = C:\Program Files\Program files annexes\Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Program files annexes\Warcraft III\Warcraft III.exe" = C:\Program Files\Program files annexes\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- ()
"C:\Program Files\Program files annexes\World of Warcraft\Launcher.exe" = C:\Program Files\Program files annexes\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe" = C:\Program Files\Program files annexes\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Program Files\Program files annexes\Opera 9.5\opera.exe" = C:\Program Files\Program files annexes\Opera 9.5\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Program files annexes\iTunes\iTunes.exe" = C:\Program Files\Program files annexes\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}" = ActivePerl 5.8.3 Build 809
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 16
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E71ED6-AC20-4AED-8C51-0030EE7FB55B}" = SDLX
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{43BD0C58-6E6E-4500-AFB0-263423319604}" = SDL Trados 2007 Freelance
"{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Panneau de configuration MobileMe
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Photo et imagerie HP 2.0 - All-in-One Pilote
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.8.0
"{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}" = SDL Trados Synergy 2007
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8302F817-9F82-40F2-8149-8BB50B0250F7}" = SDL MultiTerm 2007 Desktop
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_BASICR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_BASICR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_BASICR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_BASICR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_BASICR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_BASICR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{913DA816-E8E4-4467-8D22-E2DF5DBF04E4}" = hp psc 2200 series
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Photo et imagerie HP 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.3 - Français
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2E581DB-C4DD-432C-AC84-ED761AC056BC}" = OpenOffice.org 3.1
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anki" = Anki
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BASICR" = Microsoft Office Basic 2007
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Delivery" = Delivery
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.0.1
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Flock" = Flock 1.2
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP PSC 2200 Series" = Photo et imagerie HP 2.0 - hp psc 2200 series
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"jEdit_is1" = jEdit 4.2
"Le Petit Robert" = Désinstaller Le Petit Robert de la langue française
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"mozy_is1" = MozyHome 1.8.10.0
"MSNINST" = MSN
"OmegaT 1.7.3_02_is1" = OmegaT version 1.7.3_02
"Opera 11.01.1190" = Opera 11.01
"Oxford Advanced Genie" = Oxford Advanced Genie
"PDFCreator Toolbar" = PDFCreator Toolbar
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Search and Replace (shareware)_is1" = Search and Replace
"SearchAssist" = SearchAssist
"SFR_Kit" = SFR - Kit de connexion
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Time Stamp_is1" = Time Stamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service" = Windows XP Service Pack*3
"World of Warcraft" = World of Warcraft
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Le Robert & Collins" = Le Robert & Collins
"Warcraft III" = Warcraft III
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25/01/2011 08:31:06 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3989, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 25/01/2011 08:52:57 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.2.3989, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 25/01/2011 16:28:02 | Computer Name = VOSTRO | Source = Application Error | ID = 1000
Description = Application défaillante plugin-container.exe, version 1.9.2.3989,
module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0000100b.
Error - 28/01/2011 09:04:15 | Computer Name = VOSTRO | Source = Application Error | ID = 1000
Description = Application défaillante explorer.exe, version 6.0.2900.5512, module
défaillant unknown, version 0.0.0.0, adresse de défaillance 0x00000004.
Error - 28/01/2011 09:04:37 | Computer Name = VOSTRO | Source = Application Error | ID = 1000
Description = Application défaillante drwtsn32.exe, version 5.1.2600.0, module défaillant
dbghelp.dll, version 5.1.2600.5512, adresse de défaillance 0x0001295d.
Error - 28/01/2011 09:06:50 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
Error - 30/01/2011 16:19:31 | Computer Name = VOSTRO | Source = Application Hang | ID = 1002
Description = Application bloquée iTunes.exe, version 10.1.1.4, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.
Error - 30/01/2011 16:19:36 | Computer Name = VOSTRO | Source = Bonjour Service | ID = 100
Description = 208: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)
Error - 30/01/2011 16:19:36 | Computer Name = VOSTRO | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)
Error - 30/01/2011 16:19:36 | Computer Name = VOSTRO | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)
[ OSession Events ]
Error - 22/05/2009 02:34:34 | Computer Name = DELLDESKTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17418
seconds with 6060 seconds of active time. This session ended with a crash.
Error - 26/05/2009 05:38:28 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 29378
seconds with 3300 seconds of active time. This session ended with a crash.
Error - 29/05/2009 11:26:26 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52431
seconds with 1440 seconds of active time. This session ended with a crash.
Error - 03/06/2009 07:24:34 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8805
seconds with 1920 seconds of active time. This session ended with a crash.
Error - 06/06/2009 00:17:27 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11340
seconds with 360 seconds of active time. This session ended with a crash.
Error - 10/06/2009 10:55:25 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47963
seconds with 240 seconds of active time. This session ended with a crash.
Error - 30/11/2009 10:06:49 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13516
seconds with 4080 seconds of active time. This session ended with a crash.
Error - 14/06/2010 11:34:42 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32410
seconds with 12480 seconds of active time. This session ended with a crash.
Error - 15/06/2010 19:00:21 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 59786
seconds with 17760 seconds of active time. This session ended with a crash.
Error - 16/06/2010 05:20:16 | Computer Name = VOSTRO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7516
seconds with 2580 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05/02/2011 17:28:36 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Error - 06/02/2011 15:22:52 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
%%193
Error - 06/02/2011 15:24:18 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Error - 07/02/2011 04:15:47 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
%%193
Error - 07/02/2011 04:17:16 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Error - 07/02/2011 05:51:46 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
%%193
Error - 07/02/2011 05:52:39 | Computer Name = VOSTRO | Source = System Error | ID = 1003
Description = Code erreur 00000019, paramètre 1 00000020, paramètre 2 8a642970,
paramètre 3 8a642d88, paramètre 4 1a830001.
Error - 07/02/2011 05:53:16 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
Error - 07/02/2011 15:18:54 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7000
Description = Le service NewServiceInstall1 n'a pas pu démarrer en raison de l'erreur*:
%%193
Error - 07/02/2011 15:20:20 | Computer Name = VOSTRO | Source = Service Control Manager | ID = 7022
Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.
< End of report >
Dakeyras
2011-02-08, 00:29
Hi. :)
Nothing special about my computer. It seems it has a normal behaviour!
OK/good!
Next:
Out of date Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect. We will update this in due course.
Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):
Java(TM) 6 Update 16
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 12
Java(TM) 6 Update 5
Java(TM) 6 Update 7
To do so, click once on each of the above in turn to highlight and then click on the Remove button.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Click on Start >> Run...(or the Windows key and R togethor) to bring up the Run box and and copy and paste in:
"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\Andrea-Backup2
and click on OK.
Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.
Reset SP3 Firewall:
Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK
Now click on the General tab >> select On(recommended) >> OK.
Custom OTL Script:
Double-click OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
SRV - (maconfservice) -- File not found
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter =
IE - HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56545
O4 - HKLM..\Run: [conhost] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
[2011/01/28 15:50:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe
[2011/01/24 12:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrea\Bureau\gengokoukan
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp files -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.tmp -> ]
:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"=-
"2869:TCP"=-
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
"3724:TCP"=-
"48113:TCP"=-
"48113:UDP"=-
:Commands
[CreateRestorePoint]
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Next:
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and select then follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.
French_User
2011-02-08, 11:03
Bonjour!
No problem with my computer now but I wonder why a folder I had on my desktop was moved in _OTL moved files. It contains Word files in Japanese-but not the title- (but it's not the only Japanese file on my computer).
OTL log:
All processes killed
========== OTL ==========
Service maconfservice stopped successfully!
Service maconfservice deleted successfully!
File File not found not found.
HKU\S-1-5-21-3533338748-219100289-1052393598-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\AlwaysUseDefaultPrinter| /E : value set successfully!
HKU\S-1-5-21-3533338748-219100289-1052393598-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\conhost deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\Andrea\Bureau\spybotsd162.exe moved successfully.
C:\Documents and Settings\Andrea\Bureau\gengokoukan folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\002865_.tmp deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\~WRL0005.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de résolution DNS vidé.
C:\Documents and Settings\Andrea\Bureau\cmd.bat deleted successfully.
C:\Documents and Settings\Andrea\Bureau\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\AGENT.EXE-04DFD557.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
C:\WINDOWS\prefetch\AVNOTIFY.EXE-05C5A637.pf moved successfully.
C:\WINDOWS\prefetch\AVSCAN.EXE-2BF7605E.pf moved successfully.
C:\WINDOWS\prefetch\AVWSC.EXE-06733DFE.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
C:\WINDOWS\prefetch\CONTROL.EXE-24FBF8B3.pf moved successfully.
C:\WINDOWS\prefetch\DSC.EXE-1F2719A1.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-23218E37.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
C:\WINDOWS\prefetch\FINDSTR.EXE-1A4FC238.pf moved successfully.
C:\WINDOWS\prefetch\FIREFOX.EXE-2C930C57.pf moved successfully.
C:\WINDOWS\prefetch\GRPCONV.EXE-375690AD.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-1C192440.pf moved successfully.
C:\WINDOWS\prefetch\HPRBUPDATE.EXE-1597B6DC.pf moved successfully.
C:\WINDOWS\prefetch\HPWUCLI.EXE-0E3B94E9.pf moved successfully.
C:\WINDOWS\prefetch\ICO.EXE-0C053098.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf moved successfully.
C:\WINDOWS\prefetch\IPODSERVICE.EXE-37043579.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-1F614FB2.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-28A3D9B4.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-392A4E93.pf moved successfully.
C:\WINDOWS\prefetch\JAVAWS.EXE-07B23EC5.pf moved successfully.
C:\WINDOWS\prefetch\JAVAWS.EXE-25557CE0.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-31B60334.pf moved successfully.
C:\WINDOWS\prefetch\JQSNOTIFY.EXE-359F83C5.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0C11AB3F.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-3A5C6C57.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-24ADF392.pf moved successfully.
C:\WINDOWS\prefetch\MSFEEDSSYNC.EXE-05335A39.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf moved successfully.
C:\WINDOWS\prefetch\MSIF.TMP-221E031A.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-0A0D9309.pf moved successfully.
C:\WINDOWS\prefetch\PLUGIN-CONTAINER.EXE-2CD303DE.pf moved successfully.
C:\WINDOWS\prefetch\PMXMICED.EXE-0E54B71C.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3C98A3C8.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-419F288A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-5830CCA7.pf moved successfully.
C:\WINDOWS\prefetch\RUNONCE.EXE-01CA3A2F.pf moved successfully.
C:\WINDOWS\prefetch\SPRTCMD.EXE-19C0DA25.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
C:\WINDOWS\prefetch\THUNDERBIRD.EXE-31C6F96B.pf moved successfully.
C:\WINDOWS\prefetch\UPDATE.EXE-2F5EF2F5.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-32F99497.pf moved successfully.
C:\WINDOWS\prefetch\WMIAPSRV.EXE-02740A4B.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf moved successfully.
C:\WINDOWS\prefetch\WSCRIPT.EXE-0C5C5251.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Administrateur
User: All Users
User: Andrea
->Flash cache emptied: 2136854 bytes
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 2,00 mb
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Andrea
->Temp folder emptied: 710540 bytes
->Temporary Internet Files folder emptied: 57593521 bytes
->Java cache emptied: 48736069 bytes
->FireFox cache emptied: 105968550 bytes
->Apple Safari cache emptied: 122442752 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 327706 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67639 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 320,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 02082011_103146
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Andrea\Local Settings\Temp\Perflib_Perfdata_5e8.dat not found!
Registry entries deleted on Reboot...
French_User
2011-02-08, 11:04
I didn't pay attention and installed Malwarebytes in French. It detected no malware"(Aucun élément nuisible détecté)".
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5709
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
08/02/2011 10:49:45
mbam-log-2011-02-08 (10-49-45).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 164748
Temps écoulé: 3 minute(s), 29 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Dakeyras
2011-02-08, 11:45
Hi. :)
I wonder why a folder I had on my desktop was moved in _OTL moved files. It contains Word files in Japanese-but not the title- (but it's not the only Japanese file on my computer).
My sincere apologies, are you referring to this folder, gengokoukan? If so it can be restored again/I can provide instructions how to do so.
I didn't pay attention and installed Malwarebytes in French. It detected no malware"(Aucun élément nuisible détecté)".
Not a problem.
Check Hard Disk For Errors:
Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
French_User
2011-02-08, 12:05
Thank you for your quick reply!
Yes, it's "gengokoukan"! It's no big deal but if I can have it again, great!
As for the command to check for errors, a command window opens for less than one second and I can't find checkhd.txt (I made a search).
Dakeyras
2011-02-08, 12:39
Hi. :)
Thank you for your quick reply!
You're welcome!
Yes, it's "gengokoukan"! It's no big deal but if I can have it again, great!
OK.
As for the command to check for errors, a command window opens for less than one second and I can't find checkhd.txt (I made a search).
Hmmm no reason why it should not have been created unless there is a actual fault with the Hard-Drive...Though I have not seen any indication of such, anyway as a precaution we will perform some in-depth System Maintenance before we proceed any further after restoring the aforementioned folder.
Now I need to locate the exact location of the folder so we can restore it as follows:-
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:folderfind
gengokoukan
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
French_User
2011-02-08, 14:05
SystemLook 04.09.10 by jpshortstuff
Log created at 13:55 on 08/02/2011 by Andrea
Administrator - Elevation successful
========== folderfind ==========
Searching for "gengokoukan"
C:\Documents and Settings\Andrea\Bureau\sauvostro1\gengokoukan d------ [11:06 31/01/2011]
C:\_OTL\MovedFiles\02082011_103146\C_Documents and Settings\Andrea\Bureau\gengokoukan d------ [11:24 24/01/2011]
-= EOF =-
Dakeyras
2011-02-08, 16:30
Hi. :)
Custom OTL Script:
Double OTL.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\Documents and Settings\Andrea\Bureau\gengokoukan|C:\_OTL\MovedFiles\02082011_103146\C_Documents and Settings\Andrea\Bureau\gengokoukan /replace
[EmptyTemp]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.
Hard-Drive Maintenance/Repair:
Note: for the CHKDSK portion you may refer to this tutorial of mine here (http://forums.whatthetech.com/How_run_CHKDSK_Windows_XP_t102348.html) and follow the instructions for Graphical Mode if you so wish.
Click Start >> Run... then type in CMD and click on OK.
At the Command Prompt C:\ > type the following:
CD C:\ and hit the Enter/Return key.
Now type in DEFRAG C: -F
A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
This may take some time, when completed the Command Prompt C:\ > will appear.
Now type in CHKDSK C: /R and hit the Enter/Return key.
When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
Hit the Y key then at the Command Prompt C:\ >
Type in EXIT and and hit the Enter/Return key.
Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.
You should see a screen like this just after the Post(power on self test) screen:
http://i223.photobucket.com/albums/dd202/Dakeyras_album/ChkDsk01.png
Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and you computer will continue to boot-up as normal.
When completed the above, please post back the following in the order asked for:
How is you computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
French_User
2011-02-09, 22:51
Hi :)
The file that had been moved by OTL ("gengokoukan") is back on my desktop. Thank you!
No problem with my computer. Maybe it starts now more quickly, but not sure. I didn't see the screen you mentioned in your last post but I walked away from my computer just after I hit the reboot button for 1 minute (I thought it was going to install some Microsoft updates first but it didn't).
OTL log:
All processes killed
========== FILES ==========
File C:\Documents and Settings\Andrea\Bureau\gengokoukan successfully replaced with C:\_OTL\MovedFiles\02082011_103146\C_Documents and Settings\Andrea\Bureau\gengokoukan
File\Folder [EmptyTemp] not found.
File\Folder [Reboot] not found.
OTL by OldTimer - Version 3.2.20.6 log created on 02092011_142443
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Dakeyras
2011-02-10, 00:20
Hi. :)
The file that had been moved by OTL ("gengokoukan") is back on my desktop. Thank you!
You're welcome!
No problem with my computer. Maybe it starts now more quickly, but not sure. I didn't see the screen you mentioned in your last post but I walked away from my computer just after I hit the reboot button for 1 minute (I thought it was going to install some Microsoft updates first but it didn't).
OK.
TFC(Temp File Cleaner):
Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
Click the Start button in the bottom left of TFC
If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.
New Java Installation:
Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java SE 6 Update 23 (JDK or JRE). Click on Download JRE.
Select Windows from the drop-down list for Platform.
Check (tick) Java SE Runtime Environment 6u23 with JavaFX License Agreement box and click on Continue.
Click on jre-6u23-windows-i586.exe link to download it and save this to your Desktop.
Double-click on jre-6u23-windows-i586.exe to install Java.
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).
Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
When completed the above, please post back the following:
How is you computer performing now? Any problems encountered and or any further symptoms?
Eset Log.
French_User
2011-02-10, 12:55
Hello!
My computer has a normal behaviour.
ESET log:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=de62a4a7dd427c4bad9f609291b7fa94
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-10 11:29:09
# local_time=2011-02-10 12:29:09 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 100 269391 72847636 49116 0
# compatibility_mode=8192 67108863 100 0 4027 4027 0 0
# scanned=144974
# found=8
# cleaned=0
# scan_time=5021
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1\A0000008.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP1\A0000027.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP2\A0000052.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP2\A0000077.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP3\A0000101.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP4\A0000224.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP4\A0000253.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP4\A0000254.exe a variant of Win32/Kryptik.KFV trojan (unable to clean) 00000000000000000000000000000000 I
Dakeyras
2011-02-10, 15:58
Hi. :)
My computer has a normal behaviour.
Good.
What has been detected by the online scan denotes infected System Restore points. Which will be addressed during the ComboFix uninstallation procedure(below), it will flush the aforementioned and set a new clean one etc.
Next:
Congratulations your computer appears to be malware free!
Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.
Importance of Regular System Maintenance:
I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.
Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Also so is this:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)
Uninstall ComboFix:
Click on Start >> Run...
Now type in ComboFix /Uninstall into the and click OK.
Note the space between the X and the /Uninstall, it needs to be there.
http://i280.photobucket.com/albums/kk173/Dakeyras_album2/CF-Uninstall.png
Clean up with OTL:
Double-click OTL to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc. Any left over merely delete yourself and empty the Recycle Bin.
Now some advice for on-line safety:
Malwarebyte's Anti-Malware:
This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.
Other installed security software:
Your presently installed security application, Avira AntiVir automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.
I advise you also run a complete scan with this also once per week.
Erunt:
Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.
Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!
Keep your system updated:
Microsoft releases patches for Windows and other products regularly:
I advise you visit: http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
Install the Active X
Once installed it will advise set Auto-Updates if not set and you then you will be able to manually check for updates also via:
Start >> All Programs >> Microsoft Updates
Be careful when opening attachments and downloading files:
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Stop malicious scripts:
Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.
Avoid Peer to Peer software:
P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.
Hosts File:
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)
Only use one of the above!
Install WinPatrol:
WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.
Download it from here (http://www.winpatrol.com/download.html).
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).
Next:
This is a very helpful/useful set of advice from Microsoft: Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx).
Any questions? Feel free to ask, if not stay safe!
French_User
2011-02-12, 14:57
Thank you very much for your assistance and your time! Merci beaucoup!:bigthumb:
I followed almost all the instructions in your last message and I am reading the security recommandations.
I was wondering:
-How to make sure the USB memory stick I connect to my computer is not infected?
-Can I download attachments of contacts I know and scan them with malwarebytes before extracting/opening them?
:thanks:
Dakeyras
2011-02-12, 17:10
Hi. :)
Thank you very much for your assistance and your time! Merci beaucoup! :thumbsup:
You're welcome!
How to make sure the USB memory stick I connect to my computer is not infected?
Follow the below advice:-
Flash Disinfector:
Please download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop.
Double click to run it.
You will be prompted to plug in your flash(USB) drive. Plug it in.
Flash_Disinfector will start disinfecting your flash(USB) and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Next:
Can I download attachments of contacts I know and scan them with malwarebytes before extracting/opening them?
Aye that is perfectly feasible, right-click on the file and select Scan with Malwarebytes' Anti-Malware
You could also scan with Avira AntiVir, right-click on the file and select Scan selected files with AntiVir
Or you could actually upload the file to be checked by say Jotti's malware scan (http://virusscan.jotti.org/en-gb) or VirSCAN (http://virscan.org/) for example.
French_User
2011-02-12, 22:45
One more time: thanks for helping efficiently, rapidly and for free.
Now that my computer is secure, I can transfer some money to Ireland... ;)
:)
Dakeyras
2011-02-12, 23:04
One more time: thanks for helping efficiently, rapidly and for free.
You're most welcome! :)
Now that my computer is secure, I can transfer some money to Ireland...;)
Somewhat ironic that......I am Irish actually.
Next:
Any further questions, feel free to ask...If not I will ask for this topic to be both archived/closed within twenty four hours.
Jack&Jill
2011-02-16, 02:41
As your problems appear to have been resolved, this topic is now closed.
We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)