VBS/Autorun.worm.zo, Yuyun_Cantix and no connectivity.



#16
Greki

  • Topic Starter
  • Member
  • 78 posts
ComboFix 10-03-29.02 - Utilisateur 29/03/2010 18:15:50.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.335 [GMT -6:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\george.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2772323249-920050197-4199655784-1003
c:\recycler\S-1-5-21-6588174669-2331182405-749565744-4668
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-30 ))))))))))))))))))))))))))))))))))))
.

2010-03-29 02:18 . 2010-03-29 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-03-29 02:18 . 2010-03-29 04:37 -------- d-----w- c:\program files\Autorun Eater
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-03-29 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 02:14 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 02:06 . 2010-03-29 04:44 -------- d-----w- c:\program files\ERUNT
2010-03-22 21:44 . 2010-03-29 04:55 -------- d-----w- c:\program files\Recuva
2010-03-18 05:32 . 2010-03-18 05:32 439816 ----a-w- c:\documents and settings\Utilisateur\Application Data\Real\Update\setup3.10\setup.exe
2010-03-16 00:30 . 2010-03-16 03:59 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\IObit
2010-03-15 22:24 . 2010-03-15 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-15 22:24 . 2010-03-29 04:44 -------- d-----w- c:\program files\IObit
2010-03-15 21:37 . 2010-03-29 04:17 -------- d-----w- C:\$AVG
2010-03-15 21:17 . 2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 21:17 . 2010-03-15 21:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 21:17 . 2010-03-15 21:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-15 21:17 . 2010-03-15 21:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 21:17 . 2010-03-26 23:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-15 21:16 . 2010-03-29 04:37 -------- d-----w- c:\program files\AVG
2010-03-15 21:16 . 2010-03-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-15 20:10 . 2010-03-29 05:00 -------- d-----w- c:\windows\BDOSCAN8
2010-03-15 19:57 . 2010-03-15 20:02 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\QuickScan
2010-03-15 19:57 . 2010-03-06 00:33 791456 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-15 19:57 . 2010-03-06 00:03 629152 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-30 00:14 . 2009-06-08 21:50 82172 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-30 00:14 . 2009-06-08 21:50 504226 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-29 04:54 . 2009-06-08 22:02 -------- d-----w- c:\program files\Windows Live
2010-03-29 04:53 . 2009-06-09 14:17 -------- d-----w- c:\program files\SRS Labs
2010-03-29 04:52 . 2009-09-17 12:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 04:52 . 2009-09-17 13:09 -------- d-----w- c:\program files\Reference Assemblies
2010-03-29 04:50 . 2009-09-17 12:23 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-29 04:47 . 2009-09-17 13:09 -------- d-----w- c:\program files\MSBuild
2010-03-29 04:44 . 2009-09-17 12:23 -------- d-----w- c:\program files\JRE
2010-03-29 04:44 . 2009-06-08 21:14 -------- d-----w- c:\program files\Intel
2010-03-29 04:44 . 2009-06-08 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 04:44 . 2009-10-17 20:12 -------- d-----w- c:\program files\Google
2010-03-29 04:44 . 2009-07-15 07:54 -------- d-----w- c:\program files\EeePC
2010-03-29 04:44 . 2009-09-17 12:10 -------- d-----w- c:\program files\DynGate
2010-03-29 04:44 . 2009-09-22 16:38 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-29 04:42 . 2009-06-08 22:02 -------- d-----w- c:\program files\Microsoft
2010-03-29 04:42 . 2009-06-08 20:09 -------- d-----w- c:\program files\microsoft frontpage
2010-03-29 04:38 . 2009-09-17 12:10 -------- d-----w- c:\program files\CyberLink
2010-03-29 04:37 . 2009-06-08 21:19 -------- d-----w- c:\program files\Atheros
2010-03-29 04:37 . 2009-06-08 21:53 -------- d-----w- c:\program files\ASUS
2010-03-29 04:37 . 2009-09-17 12:12 -------- d-----w- c:\program files\Alwil Software
2010-03-29 03:31 . 2010-03-29 03:31 509 ----a-w- c:\windows\Fonts\New Harry Potter and....lnk
2010-03-29 03:31 . 2010-03-29 03:31 481 ----a-w- c:\windows\Fonts\Microsoft.lnk
2010-03-27 02:12 . 2009-10-05 02:47 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Skype
2010-03-26 22:03 . 2009-10-05 02:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\skypePM
2010-03-16 00:26 . 2009-09-17 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 15:34 . 2009-06-08 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 19:49 . 2010-02-22 17:54 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\U3
2010-02-02 16:27 . 2009-09-19 09:52 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dvdcss
2010-01-15 11:46 . 2009-09-17 15:21 74632 -c--a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2009-06-08 21:50 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-16 397312]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-18 696320]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"EeeStorageBackup"="c:\program files\ASUS\Eee Storage\BackupService.exe" [2009-06-08 935184]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-15 3054136]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-17 198160]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-9 376832]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-24 22:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/03/2010 15:17 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/03/2010 15:17 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 15:16 308064]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [15/03/2010 16:24 311568]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19/05/2009 10:29 107744]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [15/07/2009 01:54 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29/04/2009 03:10 38912]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [09/06/2009 08:17 233512]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/04/2009 05:25 39040]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/09/2009 10:32 685816]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:13 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/06/2009 15:16 1684736]
.
Contenu du dossier 'Tâches planifiées'

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]

2010-03-22 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-16 21:30]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe



**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
Heure de fin: 2010-03-29 18:24:42
ComboFix-quarantined-files.txt 2010-03-30 00:24

Avant-CF: 61 122 367 488 octets libres
Après-CF: 61 088 960 512 octets libres

- - End Of File - - FE8877A12D1A7CB3CEEAFBA9A6F16E3E



-----------------------------


I didn't install the Recovery Console.

Also, I didn't attach the OTL log because after I clicked the 90 day option for the file ages and started the Quick Scan, they went back to 14 days. Is that what it's supposed to do?

Also, I didn't know whether I should perform the scan according to the Cleaning Guide. (That is, adding all the stuff under the custom scan).

  • 0



#17
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I think if not system restore then Last Known Good must have kicked in. The two .lnk files I see in Combofix have current dates so you need to go back into the registry and delete the same things as before.

Probably you need to push the other scan button when you change the time period on OTL instead of the quick scan. I don't use the program much myself. We don't need the stuff they paste in.

I see two of the bad lnks. Let's see if Combofix can eat them.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

File::
c:\windows\Fonts\New Harry Potter and....lnk
c:\windows\Fonts\Microsoft.lnk


******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

Ron
  • 0

#18
Greki

  • Topic Starter
  • Member
  • 78 posts
Do I run OTL before or after the Combofix?
  • 0

#19
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
After will do.
  • 0

#20
Greki

  • Topic Starter
  • Member
  • 78 posts
After killing those entries the PC rebooted, and I think it killed the Combofix (blue screen, no action). Do I reboot again and start over?

Also, when I went back to the bleepingcomputer site where I downloaded the Combofix, it included a way to manually install the Recovery Console. Should I try it out?

Edited by Greki, 29 March 2010 - 09:52 PM.

  • 0

#21
Greki

  • Topic Starter
  • Member
  • 78 posts
Hmmm, when I started the laptop today the errors no longer appeared, but I didn't finish the Combofix last time. Should I start over again?
  • 0

#22
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You can install the Recovery Console manually if you want. Go ahead and run Combofix again with or without the Recovery Console. Just remember to drag the CFScript.txt file on to it to start it.

Ron
  • 0

#23
Greki

  • Topic Starter
  • Member
  • 78 posts
I think it got killed, again.

It got stuck on the "Thank you for waiting" after the second reboot.
  • 0

#24
Greki

  • Topic Starter
  • Member
  • 78 posts
Yep, gets stuck on the second reboot. I think, however, that it got those entries the first time.
  • 0

#25
Greki

  • Topic Starter
  • Member
  • 78 posts
It finally worked. I'm currently running the OTL in 90 days.
  • 0



#26
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
OK, we'll try it another way.

Start, Run, cmd, OK to bring up a command window. Type with an Enter after each line:

cd \windows\Fonts

(cd SPACE \windows\fonts)

attrib -r -s -h *.lnk

(attrib SPACE -r SPACE -s SPACE -h SPACE *.lnk)

del *.lnk

(del SPACE *.lnk)

(if it asks you if you are sure)

y

(You can search for all of the .lnk and .db files from the command prompt)

cd \

(cd SPACE \)

dir /a /s *.lnk

(dir SPACE /a SPACE /s SPACE *.lnk )

Then go through the list and cd to each folder where it finds .lnk files and do the same thing.

Repeat for *.db

Try running combofix without the script. Let's see if that works.

Ron
  • 0
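
The log reading in post #17 (shortcut files with current dates sitting in c:\windows\Fonts) and the `dir /a /s` search in post #26 can both be scripted as a report-only check. The Python below is an added example, not part of the thread and not part of ComboFix or OTL; the function names, the `SHORTCUT_HOMES` folder list and the 7-day window are assumptions, and the last two sample lines are constructed. It lists candidates for review and deletes nothing.

```python
import os
import re
from datetime import datetime, timedelta

# ComboFix listing line: two timestamps, a size (or -------- for a folder),
# an 8-character attribute field, then the path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)

# Assumption: folder names where shortcuts normally live (English/French XP).
SHORTCUT_HOMES = {"start menu", "menu démarrer", "desktop", "bureau",
                  "recent", "sendto", "quick launch"}


def is_shortcut_home(folder):
    """True if any component of the folder path is a usual shortcut location."""
    return any(p in SHORTCUT_HOMES for p in re.split(r"[\\/]+", folder.lower()))


def triage_log(lines, scan_date, recent_days=7):
    """Return .lnk paths from ComboFix listing lines whose two timestamps are
    both within recent_days of scan_date and whose folder is not a usual
    shortcut location. Which column is 'created' is not assumed."""
    hits = []
    window = timedelta(days=recent_days)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # registry lines, banners, blank lines
        first, second, _size, attrs, path = m.groups()
        if attrs.startswith("d") or not path.lower().endswith(".lnk"):
            continue  # folders and non-shortcut files
        stamps = [datetime.strptime(s, "%Y-%m-%d %H:%M") for s in (first, second)]
        folder = path.rsplit("\\", 1)[0]
        if all(scan_date - t <= window for t in stamps) and not is_shortcut_home(folder):
            hits.append(path)
    return hits


def find_on_disk(root, exts=(".lnk", ".db")):
    """Report-only counterpart of `dir /a /s *.lnk` and `*.db`: matching file
    names grouped by folder (relative to root), each folder marked as a usual
    shortcut location or not. os.walk also returns hidden and system files."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        names = sorted(f for f in files if f.lower().endswith(exts))
        if names:
            rel = os.path.relpath(folder, root)
            report[rel] = {"files": names, "usual_home": is_shortcut_home(rel)}
    return report


SAMPLE_LOG = [
    # Lines as posted in the first ComboFix log:
    r"2010-03-29 02:14 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2010-03-29 02:06 . 2010-03-29 04:44 -------- d-----w- c:\program files\ERUNT",
    r"2010-03-29 03:31 . 2010-03-29 03:31 509 ----a-w- c:\windows\Fonts\New Harry Potter and....lnk",
    r"2010-03-29 03:31 . 2010-03-29 03:31 481 ----a-w- c:\windows\Fonts\Microsoft.lnk",
    # Constructed lines (not from the posted log):
    r"2010-03-29 02:06 . 2010-03-29 02:06 700 ----a-w- c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk",
    r"2009-06-08 21:50 . 2009-06-08 21:50 600 ----a-w- c:\windows\system32\example.lnk",
]

if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG, datetime(2010, 3, 29, 18, 15)):
        print("review:", hit)
```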

#27
Greki

  • Topic Starter
  • Member
  • 78 posts
Okay.
  • 0

#28
Greki

  • Topic Starter
  • Member
  • 78 posts
ComboFix 10-03-29.02 - Utilisateur 30/03/2010 23:57:22.5.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.378 [GMT -6:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\george.exe
Commutateurs utilisés :: c:\documents and settings\Utilisateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-28 au 2010-03-31 ))))))))))))))))))))))))))))))))))))
.

2010-03-30 00:14 . 2010-03-30 00:24 -------- d-----w- C:\george
2010-03-29 02:18 . 2010-03-29 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
2010-03-29 02:18 . 2010-03-29 04:37 -------- d-----w- c:\program files\Autorun Eater
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 02:14 . 2010-03-29 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-29 02:14 . 2010-03-29 04:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 02:14 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 02:06 . 2010-03-29 04:44 -------- d-----w- c:\program files\ERUNT
2010-03-22 21:44 . 2010-03-29 04:55 -------- d-----w- c:\program files\Recuva
2010-03-18 05:32 . 2010-03-18 05:32 439816 ----a-w- c:\documents and settings\Utilisateur\Application Data\Real\Update\setup3.10\setup.exe
2010-03-16 00:30 . 2010-03-16 03:59 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\IObit
2010-03-15 22:24 . 2010-03-15 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-15 22:24 . 2010-03-29 04:44 -------- d-----w- c:\program files\IObit
2010-03-15 21:37 . 2010-03-29 04:17 -------- d-----w- C:\$AVG
2010-03-15 21:17 . 2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 21:17 . 2010-03-15 21:17 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 21:17 . 2010-03-15 21:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-15 21:17 . 2010-03-15 21:17 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 21:17 . 2010-03-26 23:46 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-15 21:16 . 2010-03-29 04:37 -------- d-----w- c:\program files\AVG
2010-03-15 21:16 . 2010-03-15 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-15 20:10 . 2010-03-29 05:00 -------- d-----w- c:\windows\BDOSCAN8
2010-03-15 19:57 . 2010-03-15 20:02 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\QuickScan
2010-03-15 19:57 . 2010-03-06 00:33 791456 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-03-15 19:57 . 2010-03-06 00:03 629152 ----a-w- c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 05:59 . 2009-06-08 21:50 82172 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-31 05:59 . 2009-06-08 21:50 504226 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-29 04:54 . 2009-06-08 22:02 -------- d-----w- c:\program files\Windows Live
2010-03-29 04:53 . 2009-06-09 14:17 -------- d-----w- c:\program files\SRS Labs
2010-03-29 04:52 . 2009-09-17 12:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-29 04:52 . 2009-09-17 13:09 -------- d-----w- c:\program files\Reference Assemblies
2010-03-29 04:50 . 2009-09-17 12:23 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-29 04:47 . 2009-09-17 13:09 -------- d-----w- c:\program files\MSBuild
2010-03-29 04:44 . 2009-09-17 12:23 -------- d-----w- c:\program files\JRE
2010-03-29 04:44 . 2009-06-08 21:14 -------- d-----w- c:\program files\Intel
2010-03-29 04:44 . 2009-06-08 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-29 04:44 . 2009-10-17 20:12 -------- d-----w- c:\program files\Google
2010-03-29 04:44 . 2009-07-15 07:54 -------- d-----w- c:\program files\EeePC
2010-03-29 04:44 . 2009-09-17 12:10 -------- d-----w- c:\program files\DynGate
2010-03-29 04:44 . 2009-09-22 16:38 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-29 04:42 . 2009-06-08 22:02 -------- d-----w- c:\program files\Microsoft
2010-03-29 04:42 . 2009-06-08 20:09 -------- d-----w- c:\program files\microsoft frontpage
2010-03-29 04:38 . 2009-09-17 12:10 -------- d-----w- c:\program files\CyberLink
2010-03-29 04:37 . 2009-06-08 21:19 -------- d-----w- c:\program files\Atheros
2010-03-29 04:37 . 2009-06-08 21:53 -------- d-----w- c:\program files\ASUS
2010-03-29 04:37 . 2009-09-17 12:12 -------- d-----w- c:\program files\Alwil Software
2010-03-27 02:12 . 2009-10-05 02:47 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\Skype
2010-03-26 22:03 . 2009-10-05 02:49 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\skypePM
2010-03-16 00:26 . 2009-09-17 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 15:34 . 2009-06-08 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-09 19:49 . 2010-02-22 17:54 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\U3
2010-02-02 16:27 . 2009-09-19 09:52 -------- d-----w- c:\documents and settings\Utilisateur\Application Data\dvdcss
2010-01-15 11:46 . 2009-09-17 15:21 74632 -c--a-w- c:\documents and settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 16:50 . 2009-06-08 21:50 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-03-30_00.21.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-08 21:50 . 2010-03-30 00:14 68804 c:\windows\system32\perfc009.dat
+ 2009-06-08 21:50 . 2010-03-31 05:59 68804 c:\windows\system32\perfc009.dat
+ 2009-06-08 21:50 . 2010-03-31 05:59 435908 c:\windows\system32\perfh009.dat
- 2009-06-08 21:50 . 2010-03-30 00:14 435908 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2008-07-25 09:16 282112 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-05-19 3417336]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-16 397312]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-11 17881600]
"EasyMode"="c:\program files\\ASUS\\Easy Mode\\Easy Mode.exe" [2009-03-18 1249280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-06-18 696320]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-08 98304]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2009-06-25 712704]
"EeeStorageBackup"="c:\program files\ASUS\Eee Storage\BackupService.exe" [2009-06-08 935184]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-15 3054136]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-10-17 198160]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-9 376832]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-5 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 21:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-24 22:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/03/2010 15:17 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15/03/2010 15:17 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 15:16 308064]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [15/03/2010 16:24 311568]
R2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [19/05/2009 10:29 107744]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [15/07/2009 01:54 5097632]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29/04/2009 03:10 38912]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [09/06/2009 08:17 233512]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [21/04/2009 05:25 39040]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/09/2009 10:32 685816]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 12:13 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [08/06/2009 15:16 1684736]
.
Contenu du dossier 'Tâches planifiées'

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:13]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\
FF - component: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 00:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2010-03-31 00:05:25
ComboFix-quarantined-files.txt 2010-03-31 06:05
ComboFix2.txt 2010-03-30 00:24

Avant-CF: 61 064 617 984 octets libres
Après-CF: 61 031 444 480 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - 4FBA1C595DE49307D4AFC949A3986E39


OTL logfile created on: 31/03/2010 00:07:02 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Utilisateur\Bureau\geeks2go
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 014,00 Mb Total Physical Memory | 403,00 Mb Available Physical Memory | 40,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82,82 Gb Total Space | 56,86 Gb Free Space | 68,65% Space Free | Partition Type: NTFS
Drive D: | 61,29 Gb Total Space | 61,22 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 160,41 Gb Free Space | 68,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 955,73 Mb Total Space | 951,28 Mb Free Space | 99,53% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-2NALM312DA
Current User Name: Utilisateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/20 22:51:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\geeks2go\OTL.exe
PRC - [2010/03/15 15:17:01 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/15 15:17:01 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/15 15:17:01 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/15 15:17:01 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/15 15:16:57 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/19 10:29:58 | 000,107,744 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
PRC - [2008/04/14 06:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/20 22:51:42 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\geeks2go\OTL.exe
MOD - [2008/04/14 06:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 06:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 06:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 06:00:00 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 06:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 15:16:57 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/19 10:29:58 | 000,107,744 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe -- (SRS_VolSync_Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 06:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/03/15 15:17:38 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/15 15:17:20 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/15 15:17:19 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/22 10:32:59 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/24 16:14:00 | 005,097,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (igd)
DRV - [2009/05/18 02:27:10 | 000,233,512 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/05/12 09:18:54 | 005,080,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/27 08:43:42 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/06 14:58:44 | 000,208,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/03/01 23:03:46 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/12/30 02:53:54 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/12/30 02:53:54 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/12/30 02:53:54 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/12/30 02:53:52 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/12/30 02:53:52 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/12/30 02:53:50 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/11/18 19:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/08/05 12:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/14 06:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 07:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 07:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/15 15:16:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 11:44:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 08:05:16 | 000,000,000 | ---D | M]

[2009/09/18 05:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Extensions
[2010/03/28 14:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions
[2009/09/23 02:35:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/15 13:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\4xmwg7xk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/09/17 06:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/05 21:00:12 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009/10/05 21:00:12 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/10/05 21:00:13 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/10/05 21:00:13 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/10/05 21:00:13 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/03/15 17:55:07 | 000,331,221 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11344 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [EasyMode] C:\Program Files\ASUS\Easy Mode\Easy Mode.exe ()
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Eee Storage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1253191491827 (WUWebControl Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/08 14:08:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/28 22:17:43 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/28 21:31:37 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/28 21:31:37 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/28 21:49:40 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/03/31 00:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/30 23:56:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/30 23:52:45 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Utilisateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2010/03/29 18:14:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 18:14:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 18:14:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 18:14:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 18:14:22 | 000,000,000 | ---D | C] -- C:\george
[2010/03/28 23:18:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/28 20:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2010/03/28 20:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2010/03/28 20:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
[2010/03/28 20:14:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/28 20:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/28 20:14:40 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 20:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/28 20:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/28 20:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/28 19:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Bureau\Software Fix
[2010/03/28 19:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Bureau\geeks2go
[2010/03/22 16:46:21 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2010/03/22 15:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/03/15 18:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\IObit
[2010/03/15 16:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/03/15 16:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/03/15 15:37:11 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/03/15 15:17:39 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/15 15:17:38 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/15 15:17:20 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/15 15:17:19 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/15 15:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/03/15 15:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/15 15:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/15 15:14:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/15 15:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/15 15:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/15 15:14:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/15 14:10:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/03/15 13:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\QuickScan
[2010/03/10 16:38:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Utilisateur\Mes documents\Mes sources de données
[2010/02/26 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Temp
[2010/02/23 23:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Mes documents\Téléchargements
[2010/02/22 11:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\U3
[2010/02/12 20:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Mes documents\Dossier Bluetooth Exchange
[2010/01/30 10:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 12:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

========== Files - Modified Within 90 Days ==========

[2010/03/31 00:07:11 | 001,102,144 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/31 00:07:11 | 000,504,226 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/31 00:07:11 | 000,435,908 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/31 00:07:11 | 000,082,172 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/31 00:07:11 | 000,068,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/31 00:05:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 00:02:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/30 23:56:12 | 000,000,286 | RHS- | M] () -- C:\boot.ini
[2010/03/30 23:55:02 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/30 23:54:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 23:53:38 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Utilisateur\NTUSER.DAT
[2010/03/30 23:53:38 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Utilisateur\ntuser.ini
[2010/03/30 23:53:34 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\IconCache.db
[2010/03/30 23:50:48 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Utilisateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2010/03/30 23:29:15 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/29 18:01:36 | 003,905,917 | R--- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\george.exe
[2010/03/28 21:31:29 | 000,000,509 | ---- | M] () -- C:\WINDOWS\tasks\New Harry Potter and....lnk
[2010/03/28 21:31:29 | 000,000,481 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\1036.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\1033.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\1031.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\1028.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\1025.lnk
[2010/03/28 21:31:28 | 000,000,509 | ---- | M] () -- C:\WINDOWS\System\New Harry Potter and....lnk
[2010/03/28 21:31:28 | 000,000,489 | ---- | M] () -- C:\WINDOWS\System32\New Harry Potter and....lnk
[2010/03/28 21:31:28 | 000,000,481 | ---- | M] () -- C:\WINDOWS\System\Microsoft.lnk
[2010/03/28 21:31:28 | 000,000,461 | ---- | M] () -- C:\WINDOWS\System32\Microsoft.lnk
[2010/03/28 21:29:25 | 000,000,507 | ---- | M] () -- C:\WINDOWS\New Harry Potter and....lnk
[2010/03/28 21:29:25 | 000,000,479 | ---- | M] () -- C:\WINDOWS\Microsoft.lnk
[2010/03/28 20:09:46 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/28 20:09:46 | 000,000,216 | ---- | M] () -- C:\Boot.bak
[2010/03/26 19:11:09 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\_Questionnaire.doc
[2010/03/26 17:46:20 | 057,871,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/26 10:08:08 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2010/03/24 11:44:33 | 006,940,160 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\ca continue 2.doc
[2010/03/24 11:43:53 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Raccourci vers Microsoft Office Word 2007.lnk
[2010/03/24 11:34:06 | 009,834,496 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\Ca continue1.doc
[2010/03/24 08:44:42 | 000,842,757 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\Ma petite vie à Monterrey1.docx
[2010/03/22 16:44:09 | 003,125,248 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\[000611].jpg
[2010/03/22 16:44:08 | 003,148,800 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\[000609].jpg
[2010/03/22 15:44:16 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Recuva.lnk
[2010/03/19 16:37:52 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\troisième partie du mémoire.doc
[2010/03/19 14:48:41 | 000,069,236 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\17337_446054775256_664210256_10564820_6292310_n.jpg
[2010/03/15 18:48:04 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Smart Defrag.lnk
[2010/03/15 18:30:30 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Advanced SystemCare.lnk
[2010/03/15 17:55:07 | 000,331,221 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/15 17:53:59 | 000,331,221 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100315-175507.backup
[2010/03/15 16:24:40 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\IObit Security 360.lnk
[2010/03/15 15:31:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/15 15:17:39 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/15 15:17:39 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 9.0.lnk
[2010/03/15 15:17:38 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/15 15:17:20 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/15 15:17:19 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/15 15:17:19 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/15 14:32:43 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 09:32:28 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/09 19:15:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/06 11:00:53 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\~$oisième partie du mémoire.doc
[2010/02/25 08:35:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 08:34:53 | 000,607,744 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Libro familia de la luz.doc
[2010/01/15 05:46:02 | 000,074,632 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/15 05:45:16 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/14 13:06:41 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/31 10:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

========== Files Created - No Company Name ==========

[2010/03/30 23:56:12 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2010/03/30 23:56:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/29 18:14:32 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 18:14:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 18:14:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 18:14:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 18:14:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/28 23:16:39 | 003,905,917 | R--- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\george.exe
[2010/03/28 21:31:29 | 000,008,432 | RHS- | C] () -- C:\WINDOWS\tasks\Thumb.db
[2010/03/28 21:31:29 | 000,000,509 | ---- | C] () -- C:\WINDOWS\tasks\New Harry Potter and....lnk
[2010/03/28 21:31:29 | 000,000,481 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\1036.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\1033.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\1031.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\1028.lnk
[2010/03/28 21:31:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\1025.lnk
[2010/03/28 21:31:28 | 000,008,432 | RHS- | C] () -- C:\WINDOWS\System32\Thumb.db
[2010/03/28 21:31:28 | 000,008,432 | RHS- | C] () -- C:\WINDOWS\System\Thumb.db
[2010/03/28 21:31:28 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System\New Harry Potter and....lnk
[2010/03/28 21:31:28 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\New Harry Potter and....lnk
[2010/03/28 21:31:28 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System\Microsoft.lnk
[2010/03/28 21:31:28 | 000,000,461 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.lnk
[2010/03/28 21:29:25 | 000,008,432 | RHS- | C] () -- C:\WINDOWS\Thumb.db
[2010/03/28 21:29:25 | 000,000,507 | ---- | C] () -- C:\WINDOWS\New Harry Potter and....lnk
[2010/03/28 21:29:25 | 000,000,479 | ---- | C] () -- C:\WINDOWS\Microsoft.lnk
[2010/03/26 19:11:07 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\_Questionnaire.doc
[2010/03/24 11:44:32 | 006,940,160 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\ca continue 2.doc
[2010/03/24 11:34:03 | 009,834,496 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\Ca continue1.doc
[2010/03/24 08:44:38 | 000,842,757 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\Ma petite vie à Monterrey1.docx
[2010/03/22 16:44:09 | 003,125,248 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\[000611].jpg
[2010/03/22 16:44:08 | 003,148,800 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\[000609].jpg
[2010/03/22 15:44:16 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Recuva.lnk
[2010/03/19 14:48:40 | 000,069,236 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\17337_446054775256_664210256_10564820_6292310_n.jpg
[2010/03/15 18:48:04 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Smart Defrag.lnk
[2010/03/15 18:30:30 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Advanced SystemCare.lnk
[2010/03/15 16:24:40 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\IObit Security 360.lnk
[2010/03/15 15:17:39 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\AVG Free 9.0.lnk
[2010/03/15 15:17:19 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/15 15:17:10 | 057,871,315 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/06 11:00:53 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\~$oisième partie du mémoire.doc
[2010/03/06 11:00:52 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\troisième partie du mémoire.doc
[2010/02/09 08:34:52 | 000,607,744 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Libro familia de la luz.doc
[2010/01/29 12:13:19 | 000,001,054 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/29 12:13:19 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/23 19:47:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/04 20:49:46 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2009/09/23 06:18:18 | 000,238,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/21 09:09:30 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 01:54:31 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/07/15 01:54:31 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/07/15 01:54:11 | 000,004,343 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/07/15 01:54:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/06/09 08:37:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/09 08:17:13 | 000,233,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/06/08 15:50:51 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/05 15:46:14 | 000,000,492 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/05 01:07:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 03:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 03:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 04:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >


There it is, do I run the mentioned commands?

#29
Greki

Even after ComboFix, the command windows caught several .lnk entries. Do I search for them? (I apologize, I did not understand well what to do with this part.)

#30
Greki

Do I delete those files the traditional way? Selecting them plus "delete"?