Files renamed "locked-filename." Can't open files [Solved]



#1
Benam0u

Hello everyone.

I have a problem with some of my files. Some of them have been renamed with the prefix "locked-" and a random four-letter extension after the real one.
For example, on my desktop, I had a file named "Node.jpg". It became "locked-Node.jpg.qhdg". If I try to rename it "Node.jpg", the file is unreadable...

I saw this problem this night. I have a recovery point from six days ago. The problem is that my other HDDs have been infected too, and they are not included in the C:/ recovery point. :(

So I'm afraid that my renamed files on D:/ and E:/ won't work if I use the recovery now for the C:/

Is there a way to rename all my files without corrupting them? :/

I used the quick scan of OTL.exe from your website.
Don't know if it can help you.


OTL logfile created on: 16/05/2012 05:30:40 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Ben\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

23,99 Gb Total Physical Memory | 17,99 Gb Available Physical Memory | 74,97% Memory free
27,99 Gb Paging File | 21,66 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 16,93 Gb Free Space | 22,74% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 288,81 Gb Free Space | 31,00% Space Free | Partition Type: NTFS
Drive G: | 1862,89 Gb Total Space | 621,98 Gb Free Space | 33,39% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 05:29:59 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/16 09:30:31 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/02/16 09:30:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/06 12:47:32 | 001,711,616 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
PRC - [2011/11/14 20:59:52 | 000,199,680 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/08/27 19:45:05 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2011/08/08 12:41:14 | 003,417,496 | ---- | M] (Tonec Inc.) -- D:\Internet Download Manager\IDMan.exe
PRC - [2011/08/02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010/05/25 16:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- D:\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/09 19:12:16 | 000,741,376 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
PRC - [2009/10/05 20:01:30 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
PRC - [2009/04/09 02:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 04:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll
MOD - [2012/04/28 04:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll
MOD - [2012/04/28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Ben\AppData\Local\Google\Chrome\APPLIC~1\180102~1.168\gcswf32.dll
MOD - [2012/04/20 20:17:05 | 020,297,512 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012/04/20 20:17:05 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012/04/20 20:17:05 | 000,907,048 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012/04/20 20:17:05 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012/04/20 20:17:05 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2011/08/28 23:19:12 | 000,093,696 | ---- | M] () -- D:\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011/03/21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
MOD - [2009/10/19 17:50:28 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Corsair\K90 Keyboard\hidGetKey.dll
MOD - [2009/10/09 19:12:16 | 000,741,376 | ---- | M] () -- C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/21 07:35:08 | 002,339,840 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\Windows\SysNative\hserver.exe -- (HoudiniServer)
SRV:64bit: - [2012/03/06 22:23:38 | 002,456,576 | ---- | M] (Side Effects Software Inc.) [Auto | Running] -- C:\Windows\SysNative\sesinetd.exe -- (HoudiniLicenseServer)
SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/08/30 02:43:09 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/06/06 14:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/08/09 13:59:36 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/05/05 11:47:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/20 20:17:05 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/16 09:30:31 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/02/16 09:30:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/13 21:36:51 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/08/30 16:08:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/05 20:01:30 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/09 02:38:52 | 000,024,635 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe -- (MRUWebService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/08/30 02:35:35 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/07/06 17:14:42 | 000,145,008 | -H-- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/06/21 11:38:24 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2011/04/01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/17 12:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/17 12:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/03/17 12:10:34 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/17 20:04:08 | 000,020,456 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/19 17:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/03/17 10:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/08 12:23:00 | 000,395,776 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/23 08:43:48 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/10 00:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2009/08/10 15:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/12 13:11:06 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 1E E8 95 7C 63 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js - File not found
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/03/04 23:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 16:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/30 16:08:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/04 23:31:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Ben\AppData\Roaming\IDM\idmmzcc5 [2012/05/16 04:44:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Ben\AppData\Roaming\IDM\idmmzcc5 [2012/05/16 04:44:51 | 000,000,000 | ---D | M]

[2011/08/26 01:30:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\mozilla\Extensions
[2012/05/16 04:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\mozilla\Firefox\Profiles\56mv19dm.default\extensions
[2012/03/04 21:50:04 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Ben\AppData\Roaming\mozilla\Firefox\Profiles\56mv19dm.default\extensions\[email protected]
[2012/05/10 04:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/10 04:11:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/30 19:32:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/10/01 15:33:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\BEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\56MV19DM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/05 16:14:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/05 16:14:31 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/10/05 16:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/05 16:14:31 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/10/05 16:14:31 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/10/05 16:14:31 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/10/05 16:14:31 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ben\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ben\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\locked-.bkhn
CHR - Extension: Recherche Google = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\locked-.fqyr
CHR - Extension: Flash plein \u00E9cran = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejijbmhbanhbllpkhfojmimfolkjgdl\1.2_0\locked-.yrvn
CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\locked-.bsrs
CHR - Extension: Black Wood = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfigpljkonjldfhkfgbbmibfbcggnhj\1_0\locked-.zcfl
CHR - Extension: Skype Click to Call = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\locked-.grqn
CHR - Extension: Gmail = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\locked-.bvhf

O1 HOSTS File: ([2012/05/16 04:42:52 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe (Corsair Components Inc)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [1C40C8C6] C:\Users\Ben\AppData\Roaming\Hnyxkx\334D08621C40C8C62925.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SB00C.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\Ben\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [fccu4o20iv] C:\Users\Ben\fccu4o20iv.exe File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [IDMan] D:\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4:64bit: - HKLM..\RunOnce: [WinSATRestorePower] C:\Windows\SysNative\powercfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O8:64bit: - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Télécharger avec IDM - D:\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Télécharger tous les liens avec IDM - D:\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir au format PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Télécharger avec IDM - D:\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Internet Download Manager\IEGetAll.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97424FF6-BCA9-487E-A5F2-D82741BA27DC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0db737ed-e21a-11df-bd72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db737ed-e21a-11df-bd72-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 05:30:22 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/05/16 04:42:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Hnyxkx
[2012/05/15 21:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B400CC81-506D-4CB8-B8B4-26E562E1CE01}
[2012/05/15 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C08F7009-3B9E-4ABB-8C29-52CE602F3A43}
[2012/05/15 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Diablo III
[2012/05/15 19:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/13 16:42:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{734621A8-81F1-45A9-A08D-B15CC2F158C3}
[2012/05/13 16:42:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4D1261E7-6091-4059-A7DE-888204AC045E}
[2012/05/12 16:36:21 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B0A1DCC1-8F0E-446A-A9D2-434ACC1ACD4A}
[2012/05/12 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{46E21757-6BCA-46A6-9EE0-BBAE445CE61B}
[2012/05/11 21:59:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A731149E-0CDE-412F-BF0C-0E1BEF855D9A}
[2012/05/11 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A0F23D93-9DDB-4A09-85B8-63E0569CCFF1}
[2012/05/10 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DC57F8FF-9BA9-4457-92E6-3EAC54CC6101}
[2012/05/10 20:23:28 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D0742B7B-ECA7-4A2F-A932-52B6C83BA737}
[2012/05/10 04:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/10 04:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/10 03:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/10 03:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/10 03:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/09 23:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Side Effects Software
[2012/05/09 23:50:18 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\houdini12.0
[2012/05/09 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D0043C70-5C55-4C33-AB70-D7D109202F22}
[2012/05/09 19:02:29 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7689EDFF-7B61-4364-962B-79EF947B7BBF}
[2012/05/09 03:00:46 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/09 02:58:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Mozilla
[2012/05/09 02:58:24 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\.hbrowser
[2012/05/08 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3D1A5196-2AD8-4FC9-BCAD-6AAD58D3A188}
[2012/05/08 20:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{E1A61DC5-A979-4551-B7BF-DD7EB81615A2}
[2012/05/08 05:37:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{05503FA5-BABA-4906-942E-67BF81021395}
[2012/05/08 05:37:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{00E189E3-57A4-417E-BA47-AF488EA5BE38}
[2012/05/07 17:12:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A1ED387D-FF2C-4FC2-8D23-530067C58E69}
[2012/05/07 17:12:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1A70BFCB-1425-4735-B470-13B1B2106791}
[2012/05/07 05:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4C28F22A-EEEA-4EC2-875C-0C71340341E6}
[2012/05/07 05:12:03 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8E3AF240-C484-4183-AA13-BC0DA58981C8}
[2012/05/07 03:45:54 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4899B79F-A5B9-43D3-AAE5-DEEB742F36E9}
[2012/05/07 03:45:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{55999E3B-52C4-4C0E-AE1B-3AE2AD12AA48}
[2012/05/07 03:41:27 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/07 03:41:27 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/07 02:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/07 01:39:00 | 000,000,000 | ---D | C] -- C:\Windows\keys
[2012/05/07 01:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Side Effects Software
[2012/05/06 15:44:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7511756F-FEAB-4C10-B715-EBEA9FB23F6E}
[2012/05/06 15:44:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A442D1AC-59BA-462F-B349-B86F84CBD2D7}
[2012/05/06 01:49:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7CE01BA6-D05E-4C60-89AE-19B0DCE32E45}
[2012/05/06 01:48:56 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A598F2DB-0D05-4224-BB9F-9B8F26FA5567}
[2012/05/05 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Nouveau dossier
[2012/05/02 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\Ben\.swt
[2012/05/02 23:57:56 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Azureus
[2012/05/02 23:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2012/05/02 23:56:41 | 009,739,192 | ---- | C] (Vuze Inc.) -- C:\Users\Ben\Desktop\Vuze_4700_windows.exe
[2012/04/29 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/29 17:25:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\Desktop\Minecraft 1.2.4
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 05:30:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2197927621-3693500953-2775910242-1000UA.job
[2012/05/16 05:29:59 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/05/16 04:52:50 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Houdini 12.0.572.lnk
[2012/05/16 04:52:50 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/16 04:47:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 04:45:36 | 000,037,376 | ---- | M] () -- C:\Users\Ben\locked-fccu4o20iv.exe.crqp
[2012/05/16 04:45:33 | 000,332,154 | ---- | M] () -- C:\Users\Ben\Documents\locked-Sans titre-1.jpg.crco
[2012/05/16 04:45:32 | 000,010,465 | ---- | M] () -- C:\Users\Ben\Documents\locked-order_php.htm.vcrc
[2012/05/16 04:45:29 | 000,002,390 | ---- | M] () -- C:\Users\Ben\Documents\locked-MumbleAutomaticCertificateBackup.p12.lqzt
[2012/05/16 04:45:26 | 000,002,498 | ---- | M] () -- C:\Users\Ben\Documents\locked-Enregistrer Vegas Pro.htm.rnil
[2012/05/16 04:45:25 | 000,663,712 | ---- | M] () -- C:\Users\Ben\Documents\locked-CV+LdM.pdf.rgpf
[2012/05/16 04:45:25 | 000,487,809 | ---- | M] () -- C:\Users\Ben\Documents\locked-Carte_de_visite.pdf.wvzs
[2012/05/16 04:45:25 | 000,116,185 | ---- | M] () -- C:\Users\Ben\Documents\locked-bookmarks-2011-10-23.json.csip
[2012/05/16 04:45:25 | 000,103,496 | ---- | M] () -- C:\Users\Ben\Documents\locked-Cratère ardent.SC2Replay.pjqq
[2012/05/16 04:45:25 | 000,102,281 | ---- | M] () -- C:\Users\Ben\Documents\locked-bookmarks.html.rjry
[2012/05/16 04:45:25 | 000,067,598 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20111121_212716.reg.jfrw
[2012/05/16 04:45:25 | 000,063,254 | ---- | M] () -- C:\Users\Ben\Documents\locked-certificats.pdf.enln
[2012/05/16 04:45:25 | 000,045,304 | ---- | M] () -- C:\Users\Ben\Documents\locked-5653_115306205993_646825993_2464158_5976124_n.jpg.zhdr
[2012/05/16 04:45:25 | 000,040,188 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20120509_041110.reg.iynf
[2012/05/16 04:45:25 | 000,027,390 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20120304_204908.reg.wbgv
[2012/05/16 04:45:25 | 000,007,122 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20120509_234339.reg.mnfz
[2012/05/16 04:45:25 | 000,005,510 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20111121_212734.reg.ljzj
[2012/05/16 04:45:25 | 000,002,048 | ---- | M] () -- C:\Users\Ben\Documents\locked-Clé de synchronisation de Firefox.html.wfmj
[2012/05/16 04:45:25 | 000,001,900 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20120509_234351.reg.mxkx
[2012/05/16 04:45:25 | 000,001,900 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20120509_041127.reg.yfcd
[2012/05/16 04:45:25 | 000,001,596 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20120304_204923.reg.lkgc
[2012/05/16 04:45:25 | 000,000,500 | ---- | M] () -- C:\Users\Ben\Documents\locked-cc_20111121_212746.reg.kixu
[2012/05/16 04:45:24 | 263,962,624 | ---- | M] () -- C:\Users\Ben\Desktop\locked-One piece 338.avi.zrse
[2012/05/16 04:45:24 | 221,143,344 | ---- | M] () -- C:\Users\Ben\Desktop\locked-The Video Game Rock Medley (FreddeGredde) - YouTube.mp4.rpkh
[2012/05/16 04:45:24 | 002,461,638 | ---- | M] () -- C:\Users\Ben\Desktop\locked-Mosaic_Fab_PSD.psd.kitu
[2012/05/16 04:45:24 | 002,075,184 | ---- | M] () -- C:\Users\Ben\Desktop\locked-tdsskiller.exe.jdmj
[2012/05/16 04:45:24 | 000,598,556 | ---- | M] () -- C:\Users\Ben\Desktop\locked-node.jpg.qhdg
[2012/05/16 04:45:24 | 000,399,264 | ---- | M] () -- C:\Users\Ben\Desktop\locked-unhide.exe.gjgy
[2012/05/16 04:45:24 | 000,086,397 | ---- | M] () -- C:\Users\Ben\Desktop\locked-random.jpg.wkgj
[2012/05/16 04:45:24 | 000,015,388 | ---- | M] () -- C:\Users\Ben\Desktop\locked-Mosaic_Fab_PNG.png.xcnc
[2012/05/16 04:45:24 | 000,000,202 | ---- | M] () -- C:\Users\Ben\Desktop\locked-Titan Attacks.url.ohit
[2012/05/16 04:45:23 | 010,847,608 | ---- | M] () -- C:\Users\Ben\Desktop\locked-mbam-setup-1.60.0.1800.exe.grvn
[2012/05/16 04:45:10 | 738,283,286 | ---- | M] () -- C:\Users\Ben\Desktop\locked-Crows.Zero_FR_DVDRiP.avi.fvxl
[2012/05/16 04:45:10 | 735,784,960 | ---- | M] () -- C:\Users\Ben\Desktop\locked-CROWS+ZERO+2.avi.waou
[2012/05/16 04:45:10 | 024,652,139 | ---- | M] () -- C:\Users\Ben\Desktop\locked-127.0.0.1.sql.acbq
[2012/05/16 04:45:10 | 000,381,014 | ---- | M] () -- C:\Users\Ben\Desktop\locked-2011-12-03(19465)_centurion_final_small_.jpg.prwx
[2012/05/16 04:45:10 | 000,141,685 | ---- | M] () -- C:\Users\Ben\Desktop\locked-Fire_pillar.jpg.fvpw
[2012/05/16 04:45:10 | 000,121,158 | ---- | M] () -- C:\Users\Ben\Desktop\locked-animPanel_v1.2.mel.rrlg
[2012/05/16 04:45:10 | 000,109,633 | ---- | M] () -- C:\Users\Ben\Desktop\locked-2012-04-23(112231)_OnionMAN_FinalShot2M.jpg.xmdt
[2012/05/16 04:45:10 | 000,086,394 | ---- | M] () -- C:\Users\Ben\Desktop\locked-00.png.molt
[2012/05/16 04:45:10 | 000,080,726 | ---- | M] () -- C:\Users\Ben\Desktop\locked-01.png.hrfy
[2012/05/16 04:45:10 | 000,040,304 | ---- | M] () -- C:\Users\Ben\Desktop\locked-395200_10150545417980951_695760950_9247792_32130720_n.jpg.efpf
[2012/05/16 04:45:10 | 000,000,586 | ---- | M] () -- C:\Users\Ben\Desktop\locked-djx blog » frame by frame command line rendering.website.dlyr
[2012/05/16 04:45:10 | 000,000,199 | ---- | M] () -- C:\Users\Ben\Desktop\locked-Dota 2.url.jayu
[2012/05/16 04:44:46 | 000,000,132 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\locked-Adobe PNG Format CS5 Prefs.lfhi
[2012/05/16 04:44:31 | 000,007,605 | ---- | M] () -- C:\Users\Ben\AppData\Local\locked-Resmon.ResmonCfg.okri
[2012/05/16 04:42:52 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/16 03:27:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2197927621-3693500953-2775910242-1000UA.job
[2012/05/15 21:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2197927621-3693500953-2775910242-1000Core.job
[2012/05/15 19:35:25 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/15 19:10:30 | 001,662,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/15 19:10:30 | 000,745,268 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/05/15 19:10:30 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/15 19:10:30 | 000,148,786 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/05/15 19:10:30 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/15 07:11:00 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2197927621-3693500953-2775910242-1000Core.job
[2012/05/15 04:57:19 | 000,206,848 | ---- | M] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 01:36:56 | 000,021,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 01:36:56 | 000,021,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/10 05:11:05 | 000,000,008 | ---- | M] () -- C:\Windows\mvraidver.dat
[2012/05/10 05:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/09 03:59:31 | 000,000,962 | ---- | M] () -- C:\Users\Ben\Desktop\RegCleaner.lnk
[2012/05/09 03:19:00 | 004,849,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/07 03:10:38 | 000,001,286 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/07 03:10:38 | 000,001,262 | ---- | M] () -- C:\Users\Ben\Desktop\Spybot - Search & Destroy.lnk
[2012/05/07 02:58:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 14:17:16 | 000,326,484 | ---- | M] () -- C:\Users\Ben\Desktop\win7-x64-sm-reset_TEMP.exe
[2012/05/05 13:32:07 | 000,000,679 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/04 00:35:24 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120507-031502.backup
[2012/05/04 00:35:24 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120507-031441.backup
[2012/05/04 00:35:24 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120507-031413.backup
[2012/05/02 23:59:04 | 000,001,852 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/05/02 23:56:58 | 009,739,192 | ---- | M] (Vuze Inc.) -- C:\Users\Ben\Desktop\Vuze_4700_windows.exe
[2012/04/24 18:12:52 | 001,440,054 | ---- | M] () -- C:\Windows\SysWow64\winsh325
[2012/04/23 21:11:35 | 000,124,558 | ---- | M] () -- C:\Users\Ben\Desktop\Blue-Windows-8-Metro-Theme-1024x640.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 04:43:04 | 001,440,054 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012/05/16 04:43:04 | 000,960,056 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012/05/16 04:43:04 | 000,960,056 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012/05/16 04:43:04 | 000,960,056 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012/05/16 04:43:04 | 000,960,056 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012/05/16 04:43:04 | 000,960,056 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012/05/16 04:42:44 | 000,037,376 | ---- | C] () -- C:\Users\Ben\locked-fccu4o20iv.exe.crqp
[2012/05/15 19:18:38 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/09 23:50:49 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Houdini 12.0.572.lnk
[2012/05/09 23:43:53 | 000,001,900 | ---- | C] () -- C:\Users\Ben\Documents\locked-cc_20120509_234351.reg.mxkx
[2012/05/09 23:43:40 | 000,007,122 | ---- | C] () -- C:\Users\Ben\Documents\locked-cc_20120509_234339.reg.mnfz
[2012/05/09 04:11:28 | 000,001,900 | ---- | C] () -- C:\Users\Ben\Documents\locked-cc_20120509_041127.reg.yfcd
[2012/05/09 04:11:12 | 000,040,188 | ---- | C] () -- C:\Users\Ben\Documents\locked-cc_20120509_041110.reg.iynf
[2012/05/09 04:01:50 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/09 03:59:31 | 000,000,962 | ---- | C] () -- C:\Users\Ben\Desktop\RegCleaner.lnk
[2012/05/07 22:19:29 | 000,141,685 | ---- | C] () -- C:\Users\Ben\Desktop\locked-Fire_pillar.jpg.fvpw
[2012/05/07 03:10:38 | 000,001,262 | ---- | C] () -- C:\Users\Ben\Desktop\Spybot - Search & Destroy.lnk
[2012/05/07 02:54:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/07 02:54:14 | 010,847,608 | ---- | C] () -- C:\Users\Ben\Desktop\locked-mbam-setup-1.60.0.1800.exe.grvn
[2012/05/05 18:44:32 | 000,000,202 | ---- | C] () -- C:\Users\Ben\Desktop\locked-Titan Attacks.url.ohit
[2012/05/05 14:17:11 | 000,326,484 | ---- | C] () -- C:\Users\Ben\Desktop\win7-x64-sm-reset_TEMP.exe
[2012/05/05 14:16:40 | 000,399,264 | ---- | C] () -- C:\Users\Ben\Desktop\locked-unhide.exe.gjgy
[2012/05/05 14:15:37 | 002,075,184 | ---- | C] () -- C:\Users\Ben\Desktop\locked-tdsskiller.exe.jdmj
[2012/05/05 13:32:07 | 000,000,679 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/02 23:57:30 | 000,001,852 | ---- | C] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/04/28 15:24:25 | 000,109,633 | ---- | C] () -- C:\Users\Ben\Desktop\locked-2012-04-23(112231)_OnionMAN_FinalShot2M.jpg.xmdt
[2012/04/23 21:56:19 | 000,015,388 | ---- | C] () -- C:\Users\Ben\Desktop\locked-Mosaic_Fab_PNG.png.xcnc
[2012/04/23 21:55:28 | 002,461,638 | ---- | C] () -- C:\Users\Ben\Desktop\locked-Mosaic_Fab_PSD.psd.kitu
[2012/04/23 21:11:38 | 000,124,558 | ---- | C] () -- C:\Users\Ben\Desktop\Blue-Windows-8-Metro-Theme-1024x640.jpg
[2012/04/19 23:01:52 | 221,143,344 | ---- | C] () -- C:\Users\Ben\Desktop\locked-The Video Game Rock Medley (FreddeGredde) - YouTube.mp4.rpkh
[2012/04/19 19:05:49 | 000,000,199 | ---- | C] () -- C:\Users\Ben\Desktop\locked-Dota 2.url.jayu
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/19 13:07:25 | 001,640,176 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/15 21:01:27 | 001,180,753 | ---- | C] () -- C:\Windows\unins001.exe
[2012/02/15 21:01:27 | 000,007,907 | ---- | C] () -- C:\Windows\unins001.dat
[2012/02/15 21:00:49 | 001,174,097 | ---- | C] () -- C:\Windows\unins000.exe
[2012/02/15 21:00:49 | 000,033,729 | ---- | C] () -- C:\Windows\unins000.dat
[2011/11/21 22:37:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/21 22:37:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/13 21:29:27 | 000,007,605 | ---- | C] () -- C:\Users\Ben\AppData\Local\locked-Resmon.ResmonCfg.okri
[2011/09/29 23:46:27 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/29 23:46:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/15 14:31:20 | 000,000,132 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\locked-Adobe PNG Format CS5 Prefs.lfhi
[2011/08/27 23:33:38 | 000,000,122 | ---- | C] () -- C:\Windows\INpact_CSS_Hud_tweaker_1.19.INI
[2011/08/26 02:19:14 | 000,206,848 | ---- | C] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/25 01:47:19 | 000,000,008 | ---- | C] () -- C:\Windows\mvraidver.dat
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== LOP Check ==========

[2012/05/16 04:44:40 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.minecraft
[2012/05/16 04:44:42 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\.spoutcraft
[2011/08/30 02:49:53 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Autodesk
[2012/05/16 04:44:48 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Azureus
[2012/02/15 21:00:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Corsair Vengeance
[2012/05/16 04:44:48 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DAEMON Tools Lite
[2012/05/16 05:30:25 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\DMCache
[2012/05/16 04:44:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Dropbox
[2011/09/12 15:52:59 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\EPSON
[2011/08/26 01:26:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ESET
[2011/08/30 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\eyeon
[2012/05/16 04:44:49 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\FileZilla
[2012/05/16 04:42:52 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Hnyxkx
[2012/05/16 05:29:58 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\IDM
[2011/10/04 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\ImgBurn
[2011/08/26 03:44:41 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\LolClient
[2012/05/16 04:44:55 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mount&Blade Warband
[2012/05/16 04:44:56 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Mumble
[2012/05/16 04:44:57 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Notepad++
[2012/05/16 04:44:57 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Origin
[2011/11/21 22:34:16 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Publish Providers
[2011/08/29 03:03:24 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Razer
[2012/05/16 04:45:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Sony
[2012/05/16 04:45:09 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Wireshark
[2012/05/15 21:27:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2197927621-3693500953-2775910242-1000Core.job
[2012/05/16 03:27:01 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2197927621-3693500953-2775910242-1000UA.job
[2012/02/07 02:05:37 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Benam0u, 15 May 2012 - 09:57 PM.

  • 0



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Benam0u and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

This is one of the latest infections. We will do what we can and hopefully get your files back. Just don't attach any type of disk to your PC until we sort this out, because you can lose more files.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O4 - HKCU..\Run: [1C40C8C6] C:\Users\Ben\AppData\Roaming\Hnyxkx\334D08621C40C8C62925.exe ()
    O4 - HKCU..\Run: [fccu4o20iv] C:\Users\Ben\fccu4o20iv.exe File not found
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
    O33 - MountPoints2\{0db737ed-e21a-11df-bd72-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0db737ed-e21a-11df-bd72-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
    [2012/05/16 04:42:52 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Hnyxkx
    [2012/05/15 21:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B400CC81-506D-4CB8-B8B4-26E562E1CE01}
    [2012/05/15 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{C08F7009-3B9E-4ABB-8C29-52CE602F3A43}
    [2012/05/13 16:42:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{734621A8-81F1-45A9-A08D-B15CC2F158C3}
    [2012/05/13 16:42:00 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4D1261E7-6091-4059-A7DE-888204AC045E}
    [2012/05/12 16:36:21 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{B0A1DCC1-8F0E-446A-A9D2-434ACC1ACD4A}
    [2012/05/12 16:36:11 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{46E21757-6BCA-46A6-9EE0-BBAE445CE61B}
    [2012/05/11 21:59:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A731149E-0CDE-412F-BF0C-0E1BEF855D9A}
    [2012/05/11 21:59:34 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A0F23D93-9DDB-4A09-85B8-63E0569CCFF1}
    [2012/05/10 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{DC57F8FF-9BA9-4457-92E6-3EAC54CC6101}
    [2012/05/10 20:23:28 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{D0742B7B-ECA7-4A2F-A932-52B6C83BA737}
    [2012/05/08 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{3D1A5196-2AD8-4FC9-BCAD-6AAD58D3A188}
    [2012/05/08 20:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{E1A61DC5-A979-4551-B7BF-DD7EB81615A2}
    [2012/05/08 05:37:42 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{05503FA5-BABA-4906-942E-67BF81021395}
    [2012/05/08 05:37:32 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{00E189E3-57A4-417E-BA47-AF488EA5BE38}
    [2012/05/07 17:12:48 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A1ED387D-FF2C-4FC2-8D23-530067C58E69}
    [2012/05/07 17:12:38 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{1A70BFCB-1425-4735-B470-13B1B2106791}
    [2012/05/07 05:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4C28F22A-EEEA-4EC2-875C-0C71340341E6}
    [2012/05/07 05:12:03 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{8E3AF240-C484-4183-AA13-BC0DA58981C8}
    [2012/05/07 03:45:54 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{4899B79F-A5B9-43D3-AAE5-DEEB742F36E9}
    [2012/05/07 03:45:44 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{55999E3B-52C4-4C0E-AE1B-3AE2AD12AA48}
    [2012/05/06 15:44:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7511756F-FEAB-4C10-B715-EBEA9FB23F6E}
    [2012/05/06 15:44:16 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A442D1AC-59BA-462F-B349-B86F84CBD2D7}
    [2012/05/06 01:49:07 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{7CE01BA6-D05E-4C60-89AE-19B0DCE32E45}
    [2012/05/06 01:48:56 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\{A598F2DB-0D05-4224-BB9F-9B8F26FA5567}
    [2012/05/05 13:32:07 | 000,000,679 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download Kaspersky Tool from Here. Run the tool and you should get your files back.

Please post the Kaspersky log after the scan (UtilityName.Version_Date_Time_log.txt).

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Kaspersky tool log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#3
Benam0u

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hello maliprog! Thanks for your quick reply!

A friend got the same infection. I have fixed it on his computer, so he helped me this morning to fix mine.
Sorry to waste your time, I was not expecting to find someone around me who knew how to fix it.

But for other people who might catch this virus and find this page, we used the same procedure you described.
We used the Kaspersky tool too and it is wonderful! I fixed all my files!

Thank you for your help! :)
  • 0
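
An inventory check for the renaming scheme seen in this thread, as an added example that is not part of the original posts: it parses OTL file-listing lines and reports entries named `locked-<original name>.<four letters>`, so a listing taken before and after a recovery tool runs can be compared per drive. The function names are hypothetical; the sample lines are copied from the log in this thread except the `D:` entry, which is constructed.

```python
import re
from collections import Counter
from ntpath import basename, splitdrive

# OTL file-listing line: [date time | size | attributes | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\](?: \(.*?\))? -- (?P<path>.+)$"
)
# Renaming scheme reported in this thread: "locked-" + original name + "." + 4 letters
LOCKED_NAME = re.compile(r"^locked-(?P<orig>.+)\.(?P<suffix>[A-Za-z]{4})$")

def parse_otl_line(line):
    """Return a dict for one OTL listing line, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {"stamp": m["stamp"], "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"], "path": m["path"]}

def find_locked(lines):
    """Collect file entries whose name matches the locked- scheme."""
    hits = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is None or entry["is_dir"]:
            continue
        m = LOCKED_NAME.match(basename(entry["path"]))
        if m:
            entry.update(original_name=m["orig"], suffix=m["suffix"].lower())
            hits.append(entry)
    return hits

def count_by_drive(hits):
    """Count affected files per drive letter."""
    return Counter(splitdrive(h["path"])[0].upper() for h in hits)

SAMPLE = [
    r"[2011/10/13 21:29:27 | 000,007,605 | ---- | C] () -- C:\Users\Ben\AppData\Local\locked-Resmon.ResmonCfg.okri",
    r"[2011/09/15 14:31:20 | 000,000,132 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\locked-Adobe PNG Format CS5 Prefs.lfhi",
    r"[2011/09/29 23:46:27 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe",
    r"[2012/05/16 04:42:52 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Hnyxkx",
    r"[2012/05/14 10:00:00 | 000,204,800 | ---- | M] () -- D:\Photos\locked-Node.jpg.qhdg",  # constructed
    "========== LOP Check ==========",
]

if __name__ == "__main__":
    hits = find_locked(SAMPLE)
    for h in hits:
        print(f'{h["path"]}  ->  {h["original_name"]}  ({h["size"]} bytes)')
    print(dict(count_by_drive(hits)))
```

The output is an inventory only: as the first post found, renaming a matched file back to its original name does not make it readable.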

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Benam0u,

Thank you for letting us know. Goodbye and stay safe :thumbsup:
  • 0

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





