Windows update blocked, google redirect [SOLVED]



#1 jbleveque (New Member, 5 posts)
Hello helpers,

I am unable to access Windows Update on my dad's computer; other websites work OK in both IE and FF.
Sometimes I get the yellow shield icon in the bottom right corner showing the Windows Automatic Updates status, but it's stuck at 0%.
Now and then, when loading a webpage, I get an extra page that opens randomly, generally a mock antivirus "software" page.

His computer hadn't had an antivirus for God knows how long; I just started accessing it a week ago via TeamViewer (I live in a different country).

Avast wouldn't find anything and got disabled by whatever was there; BitDefender's online scan found Gen.variant.Beax.2 or something like that, and MBAM removed a whole lot of junk to start with.

I then followed the stickied Cleaning Guide but didn't have much luck with it; notably, GMER crashes each time, even after redownloading it.
Here are my logs, do you have any ideas?
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4151

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/06/2010 03:55:23
mbam-log-2010-06-07 (03-55-23).txt

Scan type: Quick scan
Objects scanned: 115110
Time elapsed: 16 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
OTL logfile created on: 08/06/2010 17:24:33 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Bernard Lévêque\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

495,00 Mb Total Physical Memory | 196,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 13,09 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
Drive D: | 42,78 Gb Total Space | 42,61 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNARD-LAPTOP
Current User Name: Bernard Lévêque
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/07 05:23:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
PRC - [2010/05/21 13:33:32 | 004,738,856 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/05/21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/05/06 23:12:32 | 002,466,528 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010/05/06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/03/18 16:25:08 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/03/18 16:04:52 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/26 21:45:18 | 001,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/06/26 21:45:02 | 000,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/03/22 12:07:22 | 000,040,960 | ---- | M] () -- C:\Program Files\System Control Manager\edd.exe
PRC - [2005/01/27 10:33:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 05:23:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
MOD - [2010/05/21 13:33:34 | 000,107,816 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TV.dll
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/10/19 14:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/21 13:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/26 15:01:54 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/03/12 16:40:10 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/01/11 14:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/19 17:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2007/10/19 14:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 14:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 14:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/22 12:07:22 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\edd.exe -- (NishService)
SRV - [2005/01/27 10:33:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/05/30 21:58:15 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/05/30 21:58:14 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/30 21:58:14 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/05/30 21:58:13 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/23 17:43:52 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/02/22 14:58:40 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/03 13:57:36 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/01/19 19:32:40 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/19 14:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/12 04:01:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/10/12 04:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2007/10/12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/12 03:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/10/11 19:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 19:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/08/02 11:44:42 | 000,384,384 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2006/07/24 10:15:00 | 004,353,024 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/03 11:31:26 | 000,009,088 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006/06/19 00:40:44 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/14 13:02:00 | 003,660,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/06/01 16:37:58 | 000,236,800 | R--- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2006/03/06 23:49:36 | 000,011,136 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/04 00:31:04 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/04 00:31:02 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/27 09:00:00 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2media.sys -- (O2MDRDR)
DRV - [2006/02/20 10:01:00 | 000,029,056 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\o2sd.sys -- (O2SDRDR)
DRV - [2005/09/26 06:21:00 | 001,145,728 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/05 14:00:00 | 000,023,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gvpiobny.sys -- (gvpiobny)
DRV - [2003/10/05 11:41:14 | 000,123,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sojubus.sys -- (sojubus)
DRV - [2003/09/28 11:57:52 | 000,005,504 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys -- (sojuscsi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Use Custom Search URL = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 27 23 7B 0F 05 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]defender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/05/30 16:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 03:35:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/05 06:16:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/05/27 00:22:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/05/30 16:51:40 | 000,000,000 | ---D | M]

[2010/05/27 00:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Extensions
[2010/05/27 00:22:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/07 22:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\extensions
[2010/05/27 00:15:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/30 00:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/06/07 22:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/05 06:17:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/05 06:16:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/05/20 18:56:25 | 000,000,822 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: () - {3C38EC1A-4130-414F-BE6D-E79F27F622FC} - C:\WINDOWS\System32\tislvrr.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1275023823875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Scryptnat: DllName - Scryptnat.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2002/02/13 19:35:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/06/19 10:26:16 | 000,192,512 | R--- | M] (Auralog) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/06/26 18:53:06 | 000,000,053 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{4fdf528a-fc7b-11de-b31d-00161752e366}\Shell\AutoRun\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O33 - MountPoints2\{4fdf528a-fc7b-11de-b31d-00161752e366}\Shell\open\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O33 - MountPoints2\{bef07772-c113-11db-acc1-00161752e366}\Shell - "" = AutoRun
O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell - "" = AutoRun
O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{eb67736c-a26b-11db-ac9c-00161752e366}\Shell\AutoRun\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O33 - MountPoints2\{eb67736c-a26b-11db-ac9c-00161752e366}\Shell\open\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/02/13 19:34:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (12961403845476352)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/07 05:24:34 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
[2010/06/07 02:46:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/07 02:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/06 02:52:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Bernard Lévêque\Bureau\erunt_setup.exe
[2010/06/06 02:50:43 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\TFC.exe
[2010/06/05 07:18:21 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/06/05 06:48:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/05 03:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/06/05 01:49:18 | 000,053,248 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSUBTMR6.DLL
[2010/06/05 01:25:23 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/06/05 01:24:06 | 000,000,000 | ---D | C] -- C:\apup
[2010/06/01 16:55:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/05/30 16:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010/05/30 16:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\BitDefender
[2010/05/30 16:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2010/05/30 16:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
[2010/05/30 07:33:57 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/30 07:33:57 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/30 07:33:56 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/30 07:33:55 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/30 07:33:54 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/30 07:33:54 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/30 07:33:54 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/30 07:33:28 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/30 07:33:28 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/30 00:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\QuickScan
[2010/05/29 16:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/05/28 20:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\OpenOffice.org
[2010/05/28 19:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/05/28 19:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/28 19:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/28 19:23:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Bernard Lévêque\IECompatCache
[2010/05/28 07:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Malwarebytes
[2010/05/28 07:24:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/28 07:24:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/28 07:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/28 07:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/28 01:35:21 | 000,000,000 | ---D | C] -- C:\FyK
[2010/05/27 17:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Mes documents\Téléchargements
[2010/05/27 00:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/26 23:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Mes documents\hillary fergusson pole sud.php_fichiers
[2010/05/25 22:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bernard Lévêque\Application Data\TeamViewer
[2010/05/25 22:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/05/20 21:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\SFR
[2003/10/05 11:41:14 | 000,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003/09/28 11:57:52 | 000,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2 C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp files -> C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/08 17:15:02 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006UA.job
[2010/06/08 01:38:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/07 22:15:07 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006Core.job
[2010/06/07 21:02:52 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job
[2010/06/07 21:00:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/07 20:59:37 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/07 20:59:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/07 20:59:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/07 05:31:14 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Bernard Lévêque\NTUSER.DAT
[2010/06/07 05:23:59 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\OTL.exe
[2010/06/07 03:57:12 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Bernard Lévêque\ntuser.ini
[2010/06/07 02:45:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\NTREGOPT.lnk
[2010/06/07 02:45:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\ERUNT.lnk
[2010/06/06 14:23:20 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/06/06 02:51:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Bernard Lévêque\Bureau\erunt_setup.exe
[2010/06/06 02:49:50 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bernard Lévêque\Bureau\TFC.exe
[2010/06/05 06:54:09 | 000,000,938 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/05 03:58:58 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/31 21:18:57 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Application Dataprivacy.xml
[2010/05/30 22:09:11 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\asdict.dat
[2010/05/30 22:09:11 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/05/30 21:58:13 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/05/30 21:37:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_video.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_news.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_im.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_games.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/05/30 07:33:54 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/28 22:39:03 | 000,020,080 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/28 22:35:54 | 000,126,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/28 22:21:23 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\housecall.guid.cache
[2010/05/27 00:22:32 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Thunderbird.lnk
[2010/05/26 23:34:56 | 000,029,980 | ---- | M] () -- C:\Documents and Settings\Bernard Lévêque\Mes documents\hillary fergusson pole sud.php.htm
[2010/05/20 21:53:12 | 001,121,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 21:53:12 | 000,510,980 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/20 21:53:12 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 21:53:12 | 000,084,964 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/20 21:53:12 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 18:56:25 | 000,000,822 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/20 18:56:25 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/06 22:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 22:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 22:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 22:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 22:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp files -> C:\Documents and Settings\Bernard Lévêque\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/07 02:45:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\NTREGOPT.lnk
[2010/06/07 02:45:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\ERUNT.lnk
[2010/06/06 02:54:29 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Bureau\gmer.exe
[2010/06/05 03:58:58 | 000,000,938 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/05 03:57:55 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/31 22:10:59 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006UA.job
[2010/05/31 22:10:58 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3085783877-2358071622-1127961059-1006Core.job
[2010/05/31 19:42:10 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Application Dataprivacy.xml
[2010/05/30 22:09:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2010/05/30 22:09:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2010/05/30 22:02:45 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2010/05/30 21:37:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/05/30 21:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/05/28 22:21:23 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\housecall.guid.cache
[2010/05/28 19:26:14 | 000,000,452 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job
[2010/05/26 23:34:55 | 000,029,980 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Mes documents\hillary fergusson pole sud.php.htm
[2010/05/22 01:54:59 | 000,003,998 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3C38EC1A-4130-414F-BE6D-E79F27F622FC.txt
[2010/05/21 23:40:19 | 000,005,252 | ---- | C] () -- C:\Documents and Settings\Bernard Lévêque\Local Settings\Application Data\3C38EC1A-4130-414F-BE6D-E79F27F622FC.txt
[2010/05/20 18:56:25 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/15 13:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2007/10/11 19:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/03/18 18:06:12 | 000,000,683 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/03/05 21:13:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/06 18:01:47 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/06/14 13:02:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/06/14 13:02:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/06/14 13:02:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/06/14 13:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/06/14 13:02:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/01/21 06:02:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
[2003/03/27 03:00:00 | 000,005,599 | -HS- | C] () -- C:\WINDOWS\System32\parffilt.ini
[2002/02/14 03:20:32 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/02/13 21:07:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/13 21:03:31 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2002/02/13 20:27:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\MGHwCtrl.dll
[2002/02/13 20:27:18 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MGFPCtrl.dll
[2002/02/13 20:27:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\MGPwrShm.dll
[2002/02/13 20:00:05 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

========== LOP Check ==========

[2010/05/27 00:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/30 21:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/04/01 18:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2010/05/30 16:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\BitDefender
[2010/05/28 20:04:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\OpenOffice.org
[2010/06/06 02:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\QuickScan
[2010/05/25 22:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\TeamViewer
[2010/05/27 00:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bernard Lévêque\Application Data\Thunderbird
[2010/06/08 01:38:01 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/06/07 21:02:52 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2002/02/13 19:35:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/31 21:18:06 | 000,004,427 | ---- | M] () -- C:\bdlog.txt
[2006/12/27 07:11:51 | 000,000,228 | RHS- | M] () -- C:\boot.ini
[2004/08/05 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2002/02/13 19:35:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/28 17:37:28 | 000,000,910 | ---- | M] () -- C:\FyK.txt
[2002/02/13 19:35:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/02/13 19:35:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/05 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/22 22:21:34 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010/06/07 20:58:54 | 780,140,544 | -HS- | M] () -- C:\pagefile.sys
[2007/07/22 22:44:37 | 000,000,490 | ---- | M] () -- C:\Redemption.ECF
[2010/01/09 19:57:11 | 000,000,011 | ---- | M] () -- C:\trace.ini
[2010/06/05 17:09:22 | 000,000,294 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/02/13 20:25:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/02/13 20:25:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/02/13 20:25:59 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 04:33:48 | 000,579,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 04:33:49 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\system32\ws2_32.dll
< End of report >

OTL Extras logfile created on: 08/06/2010 17:24:33 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Bernard Lévêque\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

495,00 Mb Total Physical Memory | 196,00 Mb Available Physical Memory | 40,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 49,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 13,09 Gb Free Space | 44,66% Space Free | Partition Type: NTFS
Drive D: | 42,78 Gb Total Space | 42,61 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNARD-LAPTOP
Current User Name: Bernard Lévêque
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A6F953D-E20A-4484-8E82-4A0BE2C25D21}" = Motorola Phone Tools
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{E34D953E-FE88-4828-B407-8FD29341D36B}" = Motorola Phone Tools
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"3BEF1AFDE8303306594E2ADA27520E6E700820AE" = Package de pilotes Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem v6081
"avast5" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{EB1B0104-6A57-446F-B855-FDF49151BE0C}" = O2Micro Flash Memory Card Windows Driver V2.04
"legacyqcam_10.50" = Coffret de pilotes Logitech Legacy USB Camera
"lvdrivers_11.50" = Coffret de pilotes Logitech QuickCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SFR_Kit" = SFR - Kit de connexion
"TeamViewer 5 Host" = TeamViewer 5 Host
"TMM70" = TELL ME MORE
"VLC media player" = VLC media player 1.0.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/06/2010 09:32:11 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 489
Description = wuauclt (5156) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 07/06/2010 09:32:11 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 455
Description = wuaueng.dll (5156) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 07/06/2010 09:32:24 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 489
Description = wuauclt (5156) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 07/06/2010 09:32:24 | Computer Name = BERNARD-LAPTOP | Source = ESENT | ID = 455
Description = wuaueng.dll (5156) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 07/06/2010 15:02:17 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally

Error - 07/06/2010 15:02:18 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : Cette connexion réseau n'existe pas.

Error - 07/06/2010 19:02:40 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally

Error - 07/06/2010 23:02:53 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally

Error - 08/06/2010 03:03:06 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally

Error - 08/06/2010 07:03:22 | Computer Name = BERNARD-LAPTOP | Source = crypt32 | ID = 131080
Description = Échec de la récupération de la mise à jour automatique du numéro de
séquence de la liste racine tierce partie à partir de : <http://www.download....uthrootseq.txt>
avec l'erreur : The connection with the server was terminated abnormally

[ System Events ]
Error - 07/06/2010 14:45:31 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
SENS à une transaction.

Error - 07/06/2010 14:45:58 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
W32Time à une transaction.

Error - 07/06/2010 14:47:16 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
wuauserv à une transaction.

Error - 07/06/2010 14:47:40 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
RasMan à une transaction.

Error - 07/06/2010 14:59:08 | Computer Name = BERNARD-LAPTOP | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.1.41 pour la carte réseau dont l'adresse
réseau est 0013D37AC612 a été refusé par le serveur DHCP 192.168.2.1 (celui-ci a
envoyé un message DHCPNACK).

Error - 07/06/2010 14:59:24 | Computer Name = BERNARD-LAPTOP | Source = Ftdisk | ID = 262189
Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 07/06/2010 14:59:24 | Computer Name = BERNARD-LAPTOP | Source = Ftdisk | ID = 262193
Description = Échec de la configuration du fichier d'échange pour le vidage sur
incident. Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage
et
qu'il est suffisamment grand pour contenir toute la mémoire physique.

Error - 07/06/2010 15:00:34 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7023
Description = Le service NVIDIA nForce Networking Controller Support s'est arrêté
avec l'erreur : %%126

Error - 07/06/2010 15:00:34 | Computer Name = BERNARD-LAPTOP | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%1060

Error - 07/06/2010 19:20:09 | Computer Name = BERNARD-LAPTOP | Source = Windows Update Agent | ID = 16
Description = Connexion impossible : Windows ne parvient pas à se connecter au service
Mises à jour automatiques et ne peut donc pas procéder au téléchargement et à l'installation
des mises à jour définies par la planification. Windows continuera d'essayer d'établir
la connexion.


< End of report >


Thanks.

JB

Edited by jbleveque, 11 June 2010 - 12:37 PM.

  • 0



#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
don't put the logs in codeboxes


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: () - {3C38EC1A-4130-414F-BE6D-E79F27F622FC} - C:\WINDOWS\System32\tislvrr.dll File not found
    O20 - Winlogon\Notify\Scryptnat: DllName - Scryptnat.dll - File not found
    O32 - AutoRun File - [2003/06/19 10:26:16 | 000,192,512 | R--- | M] (Auralog) - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2003/06/26 18:53:06 | 000,000,053 | R--- | M] () - F:\AutoRun.inf -- [ CDFS ]
    O33 - MountPoints2\{4fdf528a-fc7b-11de-b31d-00161752e366}\Shell\AutoRun\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
    O33 - MountPoints2\{4fdf528a-fc7b-11de-b31d-00161752e366}\Shell\open\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
    O33 - MountPoints2\{bef07772-c113-11db-acc1-00161752e366}\Shell - "" = AutoRun
    O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell - "" = AutoRun
    O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{e100fdba-20af-11d6-8a17-667744223311}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{eb67736c-a26b-11db-ac9c-00161752e366}\Shell\AutoRun\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
    O33 - MountPoints2\{eb67736c-a26b-11db-ac9c-00161752e366}\Shell\open\command - "" = G:\SERVICES\SYSTEM\autorunme.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0
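The OTL script in the post above removes a Winlogon\Notify package whose DLL is missing and a set of MountPoints2 AutoRun handlers left behind by removable media. The PowerShell script below is an added example, not code from this thread, from OTL or from Geeks to Go: it enumerates the same two locations and flags entries whose target file no longer exists, which is how a defender spots such leftovers before reaching for a fix script. It assumes an elevated PowerShell prompt; the registry paths are the standard ones, and the "does the target exist" rule used for flagging is my own. It is written for PowerShell 2.0 (New-Object PSObject rather than [pscustomobject]) so it also runs on an XP system like the one in the thread.

```powershell
# Added example (not from the thread, OTL or Geeks to Go): audit Winlogon\Notify
# packages and MountPoints2 AutoRun handlers and flag entries with a missing target.
# Assumptions: elevated prompt; standard registry locations; PowerShell 2.0 syntax.

function Get-CommandExecutable {
    # Return the program part of a shell command line: the quoted token if the
    # line starts with a quote, otherwise the first whitespace-separated token.
    param([string]$CommandLine)
    $s = $CommandLine.Trim()
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { return $s.Substring(1, $end - 1) }
    }
    return ($s -split '\s+')[0]
}

function Get-WinlogonNotifyPackages {
    # Each subkey of Winlogon\Notify names a DLL that winlogon loads at logon.
    # A bare filename is found through the normal DLL search order, which starts
    # in System32, so that is where a bare name is looked up here.
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DllName
        if ($dll) {
            $full = $dll
            if (-not [System.IO.Path]::IsPathRooted($dll)) {
                $full = Join-Path $env:SystemRoot ('System32\' + $dll)
            }
            New-Object PSObject -Property @{
                Location = 'HKLM\...\Winlogon\Notify\' + $_.PSChildName
                Target   = $dll
                Exists   = [bool](Test-Path -LiteralPath $full -ErrorAction SilentlyContinue)
            }
        }
    }
}

function Get-MountPoints2Handlers {
    # Explorer caches each volume's Shell verbs under MountPoints2. Keys such as
    # Shell\AutoRun\command hold what runs when that volume's AutoRun is invoked,
    # so autorun.inf content survives in the registry after the media is gone.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -ieq 'command' } |
        ForEach-Object {
            $cmd = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
            if ($cmd) {
                $exe    = Get-CommandExecutable $cmd
                $rooted = [System.IO.Path]::IsPathRooted($exe)
                New-Object PSObject -Property @{
                    Location = $_.Name.Replace('HKEY_CURRENT_USER\', 'HKCU\')
                    Target   = $cmd
                    # A relative target (.\RECYCLER\...) resolves against whatever
                    # volume is inserted next, so it is reported as not present.
                    Exists   = [bool]($rooted -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue))
                }
            }
        }
}

# Report: entries whose target cannot be found are orphans worth removing; an
# entry whose target does exist still deserves a look if it points at a RECYCLER
# or SYSTEM folder on removable media, as several entries in the OTL fix do.
@(Get-WinlogonNotifyPackages) + @(Get-MountPoints2Handlers) |
    Sort-Object Exists, Location |
    Format-Table Exists, Location, Target -AutoSize
```

The script only reads the registry and reports; removal stays with a tool such as OTL, where the helper reviewing the log decides what goes. Run it before and after a fix to confirm that the orphaned entries are gone and that nothing new has appeared.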

#3
jbleveque

jbleveque

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks a lot for the reply. I followed the instructions, here are my notes.
- on bootup after OTL executed with the provided arguments, an error "Access violation at address 005B377A in module 'OTL.exe'. Read of address 000000000." Then OTL opens but does nothing. And only when closing OTL, the computer finishes starting up.
- Combofix : first time running, saying incompatible OS, only for 2000 or XP
- Combofix log :


ComboFix 10-06-09.01 - Bernard Lévêque 10/06/2010 5:56.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.495.127 [GMT 2:00]
Lancé depuis: c:\documents and settings\Bernard Lévêque\Bureau\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Pare-feu *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.\documents\settings
c:\program files\Mozilla Firefox\components\npclntax.xpt
C:\Redemption.ECF
c:\windows\system\Color
c:\windows\system32\drivers\dokusizb.sys
c:\windows\system32\drivers\gvpiobny.sys
c:\windows\system32\hkdloau.dll
c:\windows\system32\tislvrr.dll

Une copie infectée de c:\windows\system32\drivers\ohci1394.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACFDGUOT
-------\Legacy_GVPIOBNY
-------\Service_acfdguot
-------\Service_gvpiobny


((((((((((((((((((((((((((((( Fichiers créés du 2010-05-10 au 2010-06-10 ))))))))))))))))))))))))))))))))))))
.

2010-06-10 03:58 . 2010-06-10 03:58 -------- d-----w- c:\windows\LastGood.Tmp
2010-06-10 00:41 . 2010-06-09 22:27 -------- d-----w- C:\32788R22FWJFW
2010-06-09 21:27 . 2010-06-09 21:27 -------- d-----w- C:\_OTL
2010-06-07 00:45 . 2010-06-07 00:45 -------- d-----w- c:\program files\ERUNT
2010-06-05 05:18 . 2010-06-05 05:18 -------- d-----w- C:\VundoFix Backups
2010-06-05 04:48 . 2010-06-05 04:54 -------- dc-h--w- c:\windows\ie8
2010-06-05 04:16 . 2010-06-05 04:15 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-05 03:24 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-05 01:54 . 2010-06-05 01:54 -------- d-----w- c:\program files\Windows Defender
2010-06-04 23:49 . 2007-07-10 18:27 32584 ----a-w- c:\windows\system32\FM20ENU.DLL
2010-06-04 23:49 . 2004-04-26 03:39 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL
2010-06-04 23:49 . 2007-07-10 18:27 1146184 ----a-w- c:\windows\system32\FM20.DLL
2010-06-04 23:25 . 2007-10-07 12:27 10752 ----a-w- c:\windows\system32\aamd532.dll
2010-06-04 23:24 . 2010-06-05 01:10 -------- d-----w- C:\apup
2010-05-30 20:09 . 2010-05-30 20:09 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-05-30 20:09 . 2010-05-30 20:09 16 ----a-w- c:\windows\system32\asdict.dat
2010-05-30 14:51 . 2010-05-30 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-05-30 14:51 . 2010-05-30 14:51 -------- d-----w- c:\program files\BitDefender
2010-05-30 14:48 . 2010-05-30 14:51 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-05-30 05:33 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-30 05:33 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-30 05:33 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-30 05:33 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-30 05:33 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-30 05:33 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-30 05:33 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-30 05:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-30 05:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-29 14:00 . 2010-05-30 05:41 -------- d-----w- c:\windows\BDOSCAN8
2010-05-28 17:53 . 2010-05-28 17:53 -------- d-----w- c:\program files\JRE
2010-05-28 17:53 . 2010-05-28 17:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-28 05:24 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 05:24 . 2010-05-28 05:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 05:24 . 2010-05-28 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-28 05:24 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 23:35 . 2010-05-28 15:48 -------- d-----w- C:\FyK
2010-05-26 22:44 . 2010-05-26 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-25 20:02 . 2010-05-25 20:02 -------- d-----w- c:\program files\TeamViewer
2010-05-22 00:22 . 2010-05-22 00:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-22 00:05 . 2010-05-22 00:05 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2010-05-20 19:50 . 2010-05-20 19:50 -------- d-----w- c:\program files\SFR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 18:52 . 2007-02-18 18:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-05 04:24 . 2008-06-16 20:33 -------- d-----w- c:\program files\Java
2010-06-05 01:59 . 2007-01-07 08:46 -------- d-----w- c:\program files\MSXML 4.0
2010-05-30 19:58 . 2010-01-04 17:41 111312 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-05-28 17:52 . 2007-01-03 21:34 -------- d-----w- c:\program files\OpenOffice.org 2.1
2010-05-27 19:41 . 2007-01-03 21:43 -------- d-----w- c:\program files\Alwil Software
2010-05-27 15:27 . 2007-03-20 18:34 -------- d-----w- c:\program files\Fichiers communs\FotoWire
2010-05-20 19:53 . 2002-02-14 01:20 84964 ----a-w- c:\windows\system32\perfc00C.dat
2010-05-20 19:53 . 2002-02-14 01:20 510980 ----a-w- c:\windows\system32\perfh00C.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"= "c:\windows\system32\ieframe.dll" [2009-03-08 11063808]

[HKEY_CLASSES_ROOT\clsid\{cfbfae00-17a6-11d0-99cb-00c04fd64497}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}"= "c:\program files\BitDefender\BitDefender 2010\IEToolbar.dll" [2009-10-20 128832]

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8517632]

[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Bernard Lévêque\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-31 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-14 7573504]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [27/02/2006 09:00 34880]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [20/02/2006 10:01 29056]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [28/09/2003 11:57 5504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/05/2010 07:33 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/05/2010 07:33 19024]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [19/01/2010 19:32 85128]
R2 BthServ;Bluetooth Support Service;c:\windows\system32\svchost.exe -k bthsvcs [14/02/2002 03:20 14336]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [05/06/2010 06:16 153376]
R2 LIVESRV;BitDefender Desktop Update Service;c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [11/01/2010 14:02 308552]
R2 LVCOMSer;LVCOMSer;c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [19/10/2007 14:17 186904]
R2 LVPrcSrv;Process Monitor;c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [19/10/2007 14:19 141848]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [13/02/2002 20:27 40960]
R2 NVSvc;NVIDIA Display Driver Service;c:\windows\system32\nvsvc32.exe [14/06/2006 13:02 143427]
R2 O2Flash;O2Micro Flash Memory;c:\windows\system32\o2flash.exe [27/01/2005 10:33 36864]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [21/05/2010 13:27 173352]
R2 VSSERV;BitDefender Virus Shield;c:\program files\BitDefender\BitDefender 2010\vsserv.exe [26/04/2010 15:01 1615688]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [03/02/2010 13:57 153448]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [04/01/2010 19:41 111312]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [13/02/2002 20:27 9088]
R3 nvsmu;nvsmu;c:\windows\system32\drivers\nvsmu.sys [13/02/2002 19:47 11136]
R3 RT61;Ralink RT61 Wireless Driver;c:\windows\system32\drivers\rt61.sys [13/02/2002 20:25 384384]
S2 LVSrvLauncher;LVSrvLauncher;c:\program files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [19/10/2007 14:21 141848]
S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [19/10/2009 17:06 183880]
S3 BthEnum;Service d'énumérateur Bluetooth;c:\windows\system32\drivers\bthenum.sys [13/02/2002 20:14 17024]
S3 BthPan;Périphérique Bluetooth (réseau personnel);c:\windows\system32\drivers\bthpan.sys [13/02/2002 20:15 101120]
S3 BTHPORT;Pilote de port Bluetooth;c:\windows\system32\drivers\bthport.sys [13/02/2002 20:14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth;c:\windows\system32\drivers\bthusb.sys [13/02/2002 20:14 18944]
S3 FilterService;UVC Filter Service;c:\windows\system32\drivers\lvuvcflt.sys [06/01/2007 18:01 23832]
S3 GMSIPCI;GMSIPCI;\??\f:\install\GMSIPCI.SYS --> f:\install\GMSIPCI.SYS [?]
S3 lvpopflt;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopflt.sys [06/01/2007 18:01 1920920]
S3 LVUVC;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\drivers\lvuvc.sys [06/01/2007 18:01 3647384]
S3 motmodem;Motorola USB CDC ACM Driver;c:\windows\system32\drivers\motmodem.sys [01/04/2009 18:34 23680]
S3 NdisIP;Connection TV/vidéo Microsoft;c:\windows\system32\drivers\ndisip.sys [06/01/2007 21:12 10880]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM);c:\windows\system32\drivers\rfcomm.sys [13/02/2002 20:14 59136]
S3 RT2500;RT2500 Wireless Driver;c:\windows\system32\drivers\RT2500.sys [13/02/2002 20:04 236800]
S3 sdbus;sdbus;c:\windows\system32\drivers\sdbus.sys [04/08/2004 01:07 79232]
S3 SLIP;Détrameur décalage BDA;c:\windows\system32\drivers\slip.sys [06/01/2007 21:12 11136]
S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [08/09/2008 21:04 108208]
S3 Wdf01000;Wdf01000;c:\windows\system32\drivers\wdf01000.sys [02/11/2006 07:22 492000]
S4 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [05/10/2003 11:41 123520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'

2010-06-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{34F2F77A-74E8-441E-9551-5ED50477CBE6}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Examen supplémentaire -------
.
TCP: {D8F8B3A2-D347-4490-AED6-23F6A7876154} = 194.2.0.20,194.2.0.50
FF - ProfilePath - c:\documents and settings\Bernard Lévêque\Application Data\Mozilla\Firefox\Profiles\6986huh6.default\
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{3C38EC1A-4130-414F-BE6D-E79F27F622FC} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(6176)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~2\rapimgr.exe
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\rundll32.exe
c:\windows\SoftwareDistribution\Download\371abb5fd5c8697e0b49a932e49c6eda\update\update.exe
.
**************************************************************************
.
Heure de fin: 2010-06-10 06:17:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-06-10 04:17

Avant-CF: 13 787 582 464 octets libres
Après-CF: 13 659 774 976 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 878FDA9BA0A5812316CC45B4F9D32062
  • 0
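The ComboFix log above reports an infected copy of c:\windows\system32\drivers\ohci1394.sys that it replaced from a clean copy. The PowerShell script below is an added example, not part of the thread or of ComboFix: it compares each driver in System32\drivers with the Windows File Protection copy kept in System32\dllcache and checks the embedded Authenticode signature, reporting drivers that no longer match their cached copy or whose signature no longer matches the file. Assumptions: an elevated prompt, the standard XP directory locations as defaults, and that a dllcache copy exists for the driver in question (not every driver has one; such drivers are reported with InCache = False and need another reference, such as the file from the install media).

```powershell
# Added example (not from the thread or ComboFix): compare live kernel drivers
# against their dllcache reference copies and embedded Authenticode signatures.
# Assumptions: elevated prompt; $DriverDir/$CacheDir defaults are the XP locations.

function Get-FileSha256 {
    # Hash a file with the .NET SHA256 class (Get-FileHash needs PowerShell 4+).
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '')
    } finally {
        $stream.Close()
    }
}

function Compare-DriverWithCache {
    param(
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers'),
        [string]$CacheDir  = (Join-Path $env:SystemRoot 'System32\dllcache')
    )
    Get-ChildItem -Path $DriverDir -Filter '*.sys' -ErrorAction SilentlyContinue | ForEach-Object {
        $cached    = Join-Path $CacheDir $_.Name
        $liveHash  = Get-FileSha256 $_.FullName
        $cacheHash = $null
        if (Test-Path -LiteralPath $cached) { $cacheHash = Get-FileSha256 $cached }
        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...; HashMismatch
        # means the file carries a signature that no longer covers its contents.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        New-Object PSObject -Property @{
            Driver       = $_.Name
            Signature    = $sig.Status
            InCache      = ($cacheHash -ne $null)
            MatchesCache = ($cacheHash -ne $null -and $cacheHash -eq $liveHash)
            Sha256       = $liveHash
        }
    }
}

# Report drivers that have a cached reference copy and differ from it, plus any
# driver whose embedded signature no longer matches the file.
Compare-DriverWithCache |
    Where-Object { ($_.InCache -and -not $_.MatchesCache) -or $_.Signature -eq 'HashMismatch' } |
    Sort-Object Driver |
    Format-Table Driver, Signature, InCache, MatchesCache, Sha256 -AutoSize
```

Two caveats a practitioner should keep in mind. On Windows XP most Microsoft drivers are catalog-signed rather than carrying an embedded signature, so Get-AuthenticodeSignature reports them as NotSigned there; the dllcache comparison is the more useful signal on that platform, while a HashMismatch status is worth attention on any version. And a kernel-mode rootkit that filters disk reads can hand a clean image of the file to a scanner running on the infected system, which is why tools such as ComboFix restore from a reference copy and why a comparison like this one is most trustworthy when run from a clean boot or against the disk mounted elsewhere.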

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#5
jbleveque

jbleveque

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you for the help, I followed the instructions.

Windows update website seems to be working again after the custom OTL fix and Combofix, and I haven't seen another google redirect yet. I had used autopatcher to manage to update windows "offline" before that, and updates seem to be up to date now.

I had run TFC and MBAM when following the sticker Guide but redid it nonetheless. Log as follows.
On Kaspersky's website http://www.kaspersky.com/virusscanner: "The current Kaspersky Online Scanner is unavailable"
Nevertheless, I tried accessing it via another link and using it, but got the error message as posted below. Twice.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4188

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/06/2010 07:26:13
mbam-log-2010-06-11 (07-26-13).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 116706
Temps écoulé: 5 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


When trying to do the online scan:
"Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Antivirus bases have been updated after key expiration]"
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this instead

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#7
jbleveque

jbleveque

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks again for all the help, it's really appreciated.

Here is the log :

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c2e568d0a7c6c4449b16b300c089ab4e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-11 04:15:12
# local_time=2010-06-11 06:15:13 (+0100, Europe de l'Ouest (heure d'été))
# country="France"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777191 100 0 1281331 1281331 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 264 264 0 0
# scanned=59883
# found=2
# cleaned=2
# scan_time=2266
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ohci1394.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{F2410B45-A05B-4B18-A431-33FFF66A6868}\RP55\A0006176.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the Run box and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#9
jbleveque

jbleveque

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank YOU for your patience and time. There was some lag on some restarts due to the remote control on the computer, I had to text my dad to restart it when he'd wake up or come back from work.

I followed the instructions on your safe computing guide for that computer.

Sysrestore points have an interesting behavior.
I get a "Restore point creation failed!" box on top of another box. When I click OK in the "...failed!" box, the other reads "New Restore point successfully created, listed as...".
MBAM and avast will remain on that computer. Adobe Reader is removed and replaced by Foxit.

I had never heard about filehippo. What a fantastic tool!

Thanks again, and happy computing!
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





