
computer programs won't run!


  • This topic is locked

#1
uberfayt2

  • Member
  • 49 posts
It's as the title says: some programs just won't run anymore (like iexplore, windows media, external drivers detection...) although they appear on the task manager. I wanted to run a scan using avast (which was disabled) but it didn't work, same for malwarebytes and ccleaner (they seem to freeze when the scan reaches the temporary internet folder). I also noticed some weird .exe files on the task manager (isass.exe/dumperp.exe/jusched.exe/hpwuSchd2.exe...). Having no means to the internet, I'm only using another machine right now, and I have the recovery console installed on the infected one. Please help.


#2
uberfayt2

  • Topic Starter
  • Member
  • 49 posts
Need some help, please.

#3
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay. Could I have a fresh look at your system, please?

Hi, let's try this first; if it fails, go to Plan B.

Note: If using Firefox, right-click on any download links and choose Save As.

Please download OTH to your desktop
Please download OTL to your desktop

Double-click the OTH file to run it and click Kill All Processes; your desktop will go blank.


Then select Start OTL. OTL will now run.

  • Select scan all users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button and post these logs in your Virus Removal topic.

Plan B

Download Rkill from here: there are several flavours to choose from; if one does not work, then try the next.

* rkill.com
* rkill.scr
* rkill.pif


Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Security Central and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Security Central when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Security Central. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above

#4
uberfayt2

  • Topic Starter
  • Member
  • 49 posts
No good, either way OTL freezes when scanning this file (hpz12.exe (I think it's in the system32 folder)). But I had no problem in safe mode; here are the logs:

OTL logfile created on: 10/10/2010 17:23:56 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 0,81 Gb Free Space | 1,65% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,38 Gb Free Space | 17,17% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 42,74 Gb Free Space | 83,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 954,56 Mb Total Space | 877,17 Mb Free Space | 91,89% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNICORNI-68682E
Current User Name: sammy
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/08 21:21:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\ii.exe
PRC - [2007/10/14 23:14:30 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 21:21:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\ii.exe
MOD - [2006/08/25 08:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/03 22:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - File not found [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/24 21:22:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/09/17 17:48:48 | 000,364,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/09 15:48:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/27 07:46:48 | 006,023,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/14 23:16:37 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/19 22:17:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/11/01 06:19:36 | 000,336,128 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
DRV - [2006/11/01 06:19:36 | 000,024,160 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2006/05/31 11:18:30 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/12/22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/06/21 17:21:18 | 000,125,913 | R--- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2005/03/15 13:00:00 | 000,277,504 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2004/03/02 07:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ma.emb-japan.go.jp/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/07/07 22:59:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe File not found
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\Menara\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\sammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/11 12:46:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/18 22:26:20 | 000,000,057 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{502db833-8547-11df-9736-4d6564696130}\Shell\AutoRun\command - "" = myfolder\myfile.exe
O33 - MountPoints2\{502db833-8547-11df-9736-4d6564696130}\Shell\open\command - "" = myfolder\myfile.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 12:53:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/09 21:24:07 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/10/09 21:08:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\system32
[2010/10/09 20:54:03 | 000,000,000 | ---D | C] -- C:\system32
[2010/10/08 22:26:48 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\ii.exe
[2010/10/08 22:26:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/10/08 11:16:04 | 000,000,000 | ---D | C] -- C:\1Ecran tactile2
[2010/09/30 23:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\test2
[2010/09/29 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/29 21:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/09/28 20:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Menara
[2010/09/28 20:04:32 | 000,114,688 | ---- | C] (Analog Devices.) -- C:\WINDOWS\System32\unaddrv.exe
[2010/09/28 20:04:31 | 000,155,648 | R--- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\AdADIx32.dll
[2010/09/28 20:04:31 | 000,004,981 | R--- | C] (SITECSOFT Co., LTD.) -- C:\WINDOWS\System32\AdADIx2K.dll
[2010/09/28 20:04:29 | 000,125,913 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\adiusbaw.sys
[2010/09/20 15:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\ULJM057340001
[2010/09/20 13:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\seplugins
[2010/09/11 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2010/09/11 22:36:45 | 000,348,160 | ---- | C] (DGP) -- C:\WINDOWS\System32\MEnc.ocx
[2010/09/11 22:36:45 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\WINDOWS\System32\FlatBtn6.ocx
[2010/09/11 22:36:45 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2010/09/11 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\WAV to MP3 Encoder
[2010/09/11 21:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\Nouveau dossier (4)

========== Files - Modified Within 30 Days ==========

[2010/10/10 13:48:12 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/10 13:14:26 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 12:52:02 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/10 12:51:50 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/10 12:51:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/09 23:57:36 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\sammy\ntuser.ini
[2010/10/09 23:57:35 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\sammy\NTUSER.DAT
[2010/10/08 22:40:42 | 000,000,056 | ---- | M] () -- C:\WINDOWS\kgt2k.INI
[2010/10/08 22:39:21 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\ax_files.xml
[2010/10/08 22:38:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/08 22:38:28 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 21:21:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\ii.exe
[2010/10/08 21:01:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/10/07 20:00:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2010/10/06 22:25:05 | 000,000,697 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/06 16:10:39 | 009,935,054 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Watch This Space - Britannia High (Lauren & Claudine) [w_ lyrics].mp4
[2010/10/04 23:27:01 | 007,266,048 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Fullmetal Alchemist Opening 4 Rewrite Full.mp3
[2010/10/03 22:28:17 | 006,650,880 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp3
[2010/10/03 18:35:39 | 006,998,016 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp3
[2010/10/03 18:34:57 | 007,478,337 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp4
[2010/10/03 18:30:25 | 070,064,599 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp4
[2010/10/03 16:48:25 | 008,507,136 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp3
[2010/10/03 16:44:04 | 016,075,168 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp4
[2010/10/01 23:37:46 | 003,084,288 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp3
[2010/10/01 23:37:02 | 003,066,526 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp4
[2010/10/01 01:07:56 | 006,157,440 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - DuelMadness Song(kaiba theme) mp3.mp3
[2010/09/30 14:13:03 | 006,183,552 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu Gi Oh! Duel Madness Official Instrumental Track.mp3
[2010/09/29 12:37:18 | 003,046,662 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\01 - To be a Dream.mp3
[2010/09/28 20:47:47 | 000,000,154 | ---- | M] () -- C:\WINDOWS\adidsl.ini
[2010/09/28 20:47:47 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\adidsl.cfg
[2010/09/28 20:11:31 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Menara ADSL.lnk
[2010/09/28 20:11:28 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
[2010/09/28 20:11:26 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Messagerie avec Menara.lnk
[2010/09/28 20:11:24 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Internet avec Menara.lnk
[2010/09/22 23:26:46 | 003,793,152 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! GX Tag Force 3 - OST - Duel_ Tournament.mp3
[2010/09/17 23:43:42 | 008,386,350 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\David Christie - Saddle Up 1982.mp3
[2010/09/17 10:42:14 | 000,154,353 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\A01.pdf
[2010/09/16 14:25:19 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\sammy\game.ini
[2010/09/15 14:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 14:01:57 | 000,051,141 | ---- | M] () -- C:\WINDOWS\‚Q‚cŠi“¬ƒcƒN[ƒ‹‚Q‚Ž‚„.mid
[2010/09/13 11:49:02 | 000,079,640 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\1254533238150_f[1].jpg
[2010/09/13 11:43:06 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Voobys.lnk
[2010/09/12 22:53:33 | 004,010,135 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\112-Tenjou_Tenge_-_Aishitene_Motto.mp3

========== Files Created - No Company Name ==========

[2010/10/06 16:10:38 | 009,935,054 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Watch This Space - Britannia High (Lauren & Claudine) [w_ lyrics].mp4
[2010/10/04 23:26:35 | 007,266,048 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Fullmetal Alchemist Opening 4 Rewrite Full.mp3
[2010/10/03 22:27:56 | 006,650,880 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp3
[2010/10/03 18:35:16 | 006,998,016 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp3
[2010/10/03 18:34:57 | 007,478,337 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp4
[2010/10/03 18:30:23 | 070,064,599 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp4
[2010/10/03 16:48:02 | 008,507,136 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp3
[2010/10/03 16:44:04 | 016,075,168 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp4
[2010/10/01 23:37:37 | 003,084,288 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp3
[2010/10/01 23:37:02 | 003,066,526 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp4
[2010/09/29 22:04:03 | 006,157,440 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - DuelMadness Song(kaiba theme) mp3.mp3
[2010/09/29 22:02:16 | 006,183,552 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu Gi Oh! Duel Madness Official Instrumental Track.mp3
[2010/09/28 23:17:27 | 003,046,662 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\01 - To be a Dream.mp3
[2010/09/28 20:11:31 | 000,001,446 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Menara ADSL.lnk
[2010/09/28 20:11:26 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Messagerie avec Menara.lnk
[2010/09/28 20:11:24 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Internet avec Menara.lnk
[2010/09/28 20:04:34 | 000,261,954 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i0.bnm
[2010/09/28 20:04:34 | 000,261,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i3.bnm
[2010/09/28 20:04:34 | 000,261,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i2.bnm
[2010/09/28 20:04:34 | 000,261,938 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i1.bnm
[2010/09/28 20:04:34 | 000,067,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i4.bnm
[2010/09/28 20:04:32 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\ipdetect.exe
[2010/09/28 20:04:31 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010/09/28 20:04:31 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010/09/22 23:26:34 | 003,793,152 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! GX Tag Force 3 - OST - Duel_ Tournament.mp3
[2010/09/17 10:42:14 | 000,154,353 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\A01.pdf
[2010/09/16 14:25:19 | 000,001,148 | ---- | C] () -- C:\Documents and Settings\sammy\game.ini
[2010/09/13 11:49:20 | 000,079,640 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\1254533238150_f[1].jpg
[2010/09/12 22:18:11 | 004,010,135 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\112-Tenjou_Tenge_-_Aishitene_Motto.mp3
[2010/08/06 22:31:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/06 22:31:51 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/06 22:31:51 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/06 22:31:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/06 22:31:51 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/08/06 19:58:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/08 22:41:52 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2010/07/08 22:41:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/07/05 18:45:48 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010/07/05 18:45:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2010/07/02 22:47:34 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/07/02 22:47:34 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/24 23:12:45 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/16 19:58:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2010/02/15 19:31:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2010/02/15 19:29:31 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/13 19:16:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2009/11/13 19:16:34 | 000,013,291 | R--- | C] () -- C:\WINDOWS\System32\PhotoImpact XL SE.ini
[2009/11/13 19:16:34 | 000,009,074 | R--- | C] () -- C:\WINDOWS\System32\Vista.ini
[2009/11/13 19:16:34 | 000,008,742 | R--- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2009/11/13 19:16:34 | 000,006,432 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2009/11/13 19:16:34 | 000,000,583 | R--- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2009/09/15 21:33:50 | 000,063,574 | ---- | C] () -- C:\Documents and Settings\sammy\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/09/15 21:33:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/08/15 22:35:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\fusioncache.dat
[2009/07/29 09:41:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/24 18:49:53 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/07/23 13:24:58 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/19 14:20:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/07/16 20:34:19 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/16 20:14:50 | 000,003,238 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/07/11 17:45:32 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009/07/11 17:45:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009/07/11 17:45:30 | 000,000,893 | ---- | C] () -- C:\WINDOWS\adiras.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wscript.exe:SummaryInformation
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >


extras log:

OTL Extras logfile created on: 10/10/2010 17:23:56 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 0,81 Gb Free Space | 1,65% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,38 Gb Free Space | 17,17% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 42,74 Gb Free Space | 83,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 954,56 Mb Total Space | 877,17 Mb Free Space | 91,89% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNICORNI-68682E
Current User Name: sammy
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2027:UDP" = 2027:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2026:UDP" = 2026:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2029:UDP" = 2029:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2302:UDP" = 2302:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2305:UDP" = 2305:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"2304:UDP" = 2304:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe" = C:\Program Files\KONAMI\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\joey_pc.exe:*:Enabled:joey_pc -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner -- (River Past Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B518DF9-4963-4AC7-9250-0EA6154D0AC6}" = Samsung PC Studio 5
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}" = Adobe Setup
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A15ED800-19FF-11D5-AF7F-0050BA1191E9}" = InterVideo FilterSDK
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB25E068-C7A2-482F-A3BC-588A5869844D}" = Kit de Connexion MENARA
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B72257D6-189D-4CB0-9CDC-26A93536C34B}" = Voobys
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF794769-8875-4E01-B7BE-E00104604F4A}" = Adobe Photoshop CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD97C166-020E-415A-98D2-2D89DD9D68F0}" = Mise à jour de logiciel pour les Dossiers Web
"{CDE7F960-BE39-4F9A-A1FF-3799C72CB705}" = Samsung USB Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCCA7A0-5BFA-4D8D-AAE7-443C562389AB}" = Samsung PC Studio 5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"09DA5A1E4E89D27A472F4075BFB98DE53AFE5769" = Package de pilotes Windows - MobileTop (sshpusb) USB (12/06/2005 2.4.0)
"6F20211A07D2A216859CBC3248BDE3B338E543E0" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (12/06/2005 2.4.0)
"87D46C3F73EF6B7F5CD27D922EEE14783E1AD3BF" = Package de pilotes Windows - Sony PSP Type B (11/20/2005 20051120)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32e9033392a51340b32fdc6ad893ab7" = Adobe Photoshop CS3
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Browser Defender_is1" = Browser Defender 2.0.6.15
"camcodec" = CamStudio Lossless Codec
"Card Collector Game Maker" = Card Collector Game Maker
"CCleaner" = CCleaner
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivXCodec" = DivX 4.02 Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"Google Updater" = Outil de mise à jour Google
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Rmtablet" = Pen Pad Driver with Macro Key Manager
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Spyware Doctor" = Spyware Doctor 7.0
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Tuturials" = Tuturials
"UltraISO_is1" = UltraISO Premium V9.36
"Video Cleaner" = River Past Video Cleaner
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WIC" = Windows Imaging Component
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/10/2010 16:24:35 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.2.14.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/10/2010 16:42:35 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.2.14.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/10/2010 16:44:22 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée OTL.exe, version 3.2.14.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/10/2010 16:45:33 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/10/2010 17:29:46 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée procexp.exe, version 12.4.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/10/2010 18:13:26 | Computer Name = UNICORNI-68682E | Source = Google Update | ID = 20
Description =

Error - 10/10/2010 08:11:43 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.46.0.1, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 10/10/2010 08:12:38 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée AvastUI.exe, version 5.0.677.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 10/10/2010 08:13:26 | Computer Name = UNICORNI-68682E | Source = Google Update | ID = 20
Description =

Error - 10/10/2010 08:29:00 | Computer Name = UNICORNI-68682E | Source = Application Hang | ID = 1002
Description = Application bloquée explorer.exe, version 6.0.2900.3156, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 10/10/2010 08:48:38 | Computer Name = UNICORNI-68682E | Source = sptd | ID = 262148
Description = Le pilote a détecté une erreur interne dans ses structures de données
pour .

Error - 10/10/2010 08:49:33 | Computer Name = UNICORNI-68682E | Source = Service Control Manager | ID = 7001
Description = Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 10/10/2010 08:49:33 | Computer Name = UNICORNI-68682E | Source = Service Control Manager | ID = 7001
Description = Le service Client DNS dépend du service Pilote du protocole TCP/IP
qui n'a pas pu démarrer en raison de l'erreur : %%31

Error - 10/10/2010 08:49:33 | Computer Name = UNICORNI-68682E | Source = Service Control Manager | ID = 7001
Description = Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a
pas pu démarrer en raison de l'erreur : %%31

Error - 10/10/2010 08:49:33 | Computer Name = UNICORNI-68682E | Source = Service Control Manager | ID = 7001
Description = Le service ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## dépend
du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error - 10/10/2010 08:49:33 | Computer Name = UNICORNI-68682E | Source = Service Control Manager | ID = 7001
Description = Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas
pu démarrer en raison de l'erreur : %%31

Error - 10/10/2010 08:49:33 | Computer Name = UNICORNI-68682E | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd
StarOpen
Tcpip

Error - 10/10/2010 09:09:01 | Computer Name = UNICORNI-68682E | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/10/2010 09:09:13 | Computer Name = UNICORNI-68682E | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/10/2010 09:09:15 | Computer Name = UNICORNI-68682E | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman
avec les arguments "" pour démarrer le serveur : {BA126AE5-2166-11D1-B1D0-00805FC1270E}


< End of report >

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Your security programmes are being blocked but unfortunately Windows does not tell me the responsible programme. So from safe mode with networking please do the following:

Download ComboFix from any of the links below. You must rename it before saving. Rename it to CRSS before saving it to your desktop.

Link 1
Link 2


==================================

Double click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#6
uberfayt2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here's ComboFix's log:

ComboFix 10-10-09.06 - sammy 10/10/2010 20:33:21.6.1 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2038.1760 [GMT 1:00]
Lancé depuis: c:\documents and settings\sammy\Bureau\crss.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-09-10 au 2010-10-10 ))))))))))))))))))))))))))))))))))))
.

2010-10-10 14:12 . 2010-10-10 14:13 -------- d-----w- c:\windows\LastGood.Tmp
2010-10-09 19:54 . 2010-10-09 19:58 -------- d-----w- C:\system32
2010-10-08 21:26 . 2010-10-08 20:01 388608 ----a-w- C:\HijackThis.exe
2010-10-08 10:16 . 2010-10-08 10:16 -------- d-----w- C:\1Ecran tactile2
2010-09-30 22:44 . 2010-10-10 18:30 -------- d-----w- c:\documents and settings\sammy\test2
2010-09-29 20:05 . 2010-09-29 20:05 -------- d-----w- c:\program files\DivX
2010-09-29 20:02 . 2010-09-29 20:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-09-28 19:39 . 2010-09-28 19:39 -------- d-----w- c:\documents and settings\Boss\Local Settings\Application Data\Help
2010-09-28 19:32 . 2010-10-07 13:07 -------- d-----w- c:\documents and settings\Boss\Local Settings\Application Data\LogMeIn Hamachi
2010-09-28 19:09 . 2010-10-10 14:12 -------- d-----w- c:\program files\Menara
2010-09-28 19:04 . 2004-06-28 11:29 114688 ----a-w- c:\windows\system32\unaddrv.exe
2010-09-28 19:04 . 2001-07-27 13:55 127456 ----a-w- c:\windows\system32\ipdetect.exe
2010-09-28 19:04 . 2002-11-15 12:03 126976 ----a-w- c:\windows\system32\coclassfast.dll
2010-09-28 19:04 . 2002-05-09 15:42 155648 ----a-r- c:\windows\system32\AdADIx32.dll
2010-09-28 19:04 . 2001-02-09 08:13 4981 ----a-r- c:\windows\system32\AdADIx2K.dll
2010-09-28 19:04 . 2001-02-08 08:35 46892 ----a-w- c:\windows\system32\adadix16.dll
2010-09-28 19:04 . 2005-06-21 16:21 125913 ----a-w- c:\windows\system32\adiusbaw.sys
2010-09-24 10:27 . 2010-09-24 10:40 -------- d-----w- c:\documents and settings\karim
2010-09-11 21:40 . 2010-09-11 21:40 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-09-11 21:36 . 2010-09-11 21:38 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-09-11 21:36 . 2002-08-22 22:27 348160 ----a-w- c:\windows\system32\FlatBtn6.ocx
2010-09-11 21:36 . 2001-12-12 10:35 348160 ----a-w- c:\windows\system32\MEnc.ocx
2010-09-11 21:36 . 1998-06-24 00:00 140096 ----a-w- c:\windows\system32\Comdlg32.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\spoolsv.exe
[7] 2007-10-14 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2007-10-14 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

c:\windows\System32\spoolsv.exe ... manque !!
.
((((((((((((((((((((((((((((( SnapShot@2010-10-10_14.01.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-10 14:13 . 2004-08-19 14:09 25088 c:\windows\LastGood.Tmp\system32\shfolder.dll
+ 2010-07-05 17:43 . 2010-10-10 17:23 1615672 c:\windows\system32\FNTCACHE.DAT
- 2010-07-05 17:43 . 2010-07-08 11:55 1615672 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"MacrokeyManager"="WTMKM.exe" [2007-09-19 1969824]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2010-9-28 962661]

[HKLM\~\startupfolder\C:^Documents and Settings^sammy^Menu Démarrer^Programmes^Démarrage^Voobys.lnk]
path=c:\documents and settings\sammy\Menu Démarrer\Programmes\Démarrage\Voobys.lnk
backup=c:\windows\pss\Voobys.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\KONAMI\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2027:UDP"= 2027:UDP:Windows Media Format SDK (iexplore.exe)
"2026:UDP"= 2026:UDP:Windows Media Format SDK (iexplore.exe)
"2029:UDP"= 2029:UDP:Windows Media Format SDK (iexplore.exe)
"2302:UDP"= 2302:UDP:Windows Media Format SDK (iexplore.exe)
"2305:UDP"= 2305:UDP:Windows Media Format SDK (iexplore.exe)
"2304:UDP"= 2304:UDP:Windows Media Format SDK (iexplore.exe)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [02/07/2010 22:35 218592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/07/2009 10:43 691696]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/04/2010 22:19 165584]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 13:00 277504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/04/2010 22:19 17744]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [02/07/2010 22:47 112592]
S2 gupdate1ca0bac37ed58a4;Service Google Update (gupdate1ca0bac37ed58a4);c:\program files\Google\Update\GoogleUpdate.exe [23/07/2009 16:42 133104]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;"c:\program files\LogMeIn Hamachi\hamachi-2.exe" -s --> c:\program files\LogMeIn Hamachi\hamachi-2.exe [?]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [31/07/2009 13:26 29184]
S3 PhTVTune;OEM 7130AB WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [07/10/2009 20:04 24160]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [02/07/2010 22:34 366840]
.
Contenu du dossier 'Tâches planifiées'

2010-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 15:07]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 15:42]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 15:42]

2010-10-10 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ma.emb-japan.go.jp/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2463E240-4409-461A-9F58-2A87C995460A} = 62.251.229.223 62.251.229.237
.
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(896)
c:\windows\system32\browselc.dll
c:\windows\system32\portabledeviceapi.dll
.
Heure de fin: 2010-10-10 20:41:26
ComboFix-quarantined-files.txt 2010-10-10 19:41
ComboFix2.txt 2010-10-10 14:04

Avant-CF: 762 814 464 octets libres
Après-CF: 756 178 944 octets libres

- - End Of File - - A2FEEC4FC93A405505FF12A58A4C5532

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run can you return to normal mode and let me know what problems remain

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Fcopy::
c:\windows\ERDNT\cache\spoolsv.exe|c:\windows\System32\spoolsv.exe


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTL log.

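Added example, not part of either post and not ComboFix's own code: a Python check that reads the two ComboFix logs in this thread and confirms that the file named in the Fcopy:: directive was reported missing beforehand and now appears with the same size and date as the cached copy. The function names are hypothetical, and two things are assumed: the second timestamp in a file-listing line is the last-modified time, and the Sigcheck date is the file's modified date. It compares log metadata only; hashing both files on the machine itself is the stronger check.

```python
import re

# Excerpt of the first ComboFix log in this thread (French locale);
# "manque !!" is the marker the log prints for a missing file.
BEFORE_LOG = r"""
------- Sigcheck -------

[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\spoolsv.exe
[7] 2007-10-14 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
[7] 2007-10-14 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\system32\dllcache\spoolsv.exe

c:\windows\System32\spoolsv.exe ... manque !!
"""

# Excerpt of the second ComboFix log (the run driven by CFScript.txt).
AFTER_LOG = r"""
--------------- FCopy ---------------

c:\windows\ERDNT\cache\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
2010-10-10 19:48 . 2007-10-14 22:15 57856 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-10 14:12 . 2010-10-10 14:13 -------- d-----w- c:\windows\LastGood.Tmp
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>.)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-F]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+)$", re.M)
MISSING_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) \.\.\. manque !!\s*$", re.M | re.I)
FCOPY_RE = re.compile(r"^(?P<src>[a-z]:\\.+?) --> (?P<dst>[a-z]:\\.+)$", re.M | re.I)
LISTING_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>[a-z]:\\.+)$", re.M | re.I)


def parse_sigcheck(log):
    """Map lower-cased path -> Sigcheck fields (flag, date, md5, size, version)."""
    return {m["path"].strip().lower(): {
                "flag": m["flag"], "date": m["date"], "md5": m["md5"],
                "size": int(m["size"]), "version": m["ver"]}
            for m in SIGCHECK_RE.finditer(log)}


def parse_missing(log):
    """Set of lower-cased paths the log marks as missing."""
    return {m["path"].strip().lower() for m in MISSING_RE.finditer(log)}


def parse_fcopy(log):
    """List of (source, destination) pairs from the FCopy section."""
    return [(m["src"].strip(), m["dst"].strip()) for m in FCOPY_RE.finditer(log)]


def parse_listing(log):
    """Map lower-cased path -> created/modified/size; directories get size None."""
    out = {}
    for m in LISTING_RE.finditer(log):
        size = None if m["size"].startswith("-") else int(m["size"])
        out[m["path"].strip().lower()] = {
            "created": m["created"], "modified": m["modified"], "size": size}
    return out


def verify_restore(before_log, after_log):
    """Check every FCopy pair in after_log against the evidence in before_log."""
    sig = parse_sigcheck(before_log)
    missing = parse_missing(before_log)
    listing = parse_listing(after_log)
    results = []
    for src, dst in parse_fcopy(after_log):
        ref = sig.get(src.lower())      # cached copy as Sigcheck described it
        got = listing.get(dst.lower())  # restored file as the new log lists it
        size_match = bool(ref and got and got["size"] == ref["size"])
        # Paths differ in case between sections (System32 / system32), hence lower().
        date_match = bool(ref and got and got["modified"][:10] == ref["date"])
        results.append({
            "src": src, "dst": dst,
            "was_missing": dst.lower() in missing,
            "src_md5": ref["md5"] if ref else None,
            "dst_listed": got is not None,
            "size_match": size_match,
            "date_match": date_match,
            "ok": size_match and date_match,
        })
    return results


if __name__ == "__main__":
    for r in verify_restore(BEFORE_LOG, AFTER_LOG):
        print(r)
```
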

#8
uberfayt2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
here's combofix's log:

ComboFix 10-10-09.06 - sammy 10/10/2010 22:17:39.7.1 - x86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2038.1693 [GMT 1:00]
Lancé depuis: c:\documents and settings\sammy\Bureau\crss.exe
Commutateurs utilisés :: c:\documents and settings\sammy\Bureau\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\spoolsv.exe --> c:\windows\System32\spoolsv.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-10 au 2010-10-10 ))))))))))))))))))))))))))))))))))))
.

2010-10-10 19:48 . 2007-10-14 22:15 57856 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-10 14:12 . 2010-10-10 14:13 -------- d-----w- c:\windows\LastGood.Tmp
2010-10-09 19:54 . 2010-10-10 19:49 -------- d-----w- C:\system32
2010-10-08 21:26 . 2010-10-08 20:01 388608 ----a-w- C:\HijackThis.exe
2010-10-08 10:16 . 2010-10-08 10:16 -------- d-----w- C:\1Ecran tactile2
2010-09-30 22:44 . 2010-10-10 18:30 -------- d-----w- c:\documents and settings\sammy\test2
2010-09-29 20:05 . 2010-09-29 20:05 -------- d-----w- c:\program files\DivX
2010-09-29 20:02 . 2010-09-29 20:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-09-28 19:39 . 2010-09-28 19:39 -------- d-----w- c:\documents and settings\Boss\Local Settings\Application Data\Help
2010-09-28 19:32 . 2010-10-07 13:07 -------- d-----w- c:\documents and settings\Boss\Local Settings\Application Data\LogMeIn Hamachi
2010-09-28 19:09 . 2010-10-10 14:12 -------- d-----w- c:\program files\Menara
2010-09-28 19:04 . 2004-06-28 11:29 114688 ----a-w- c:\windows\system32\unaddrv.exe
2010-09-28 19:04 . 2001-07-27 13:55 127456 ----a-w- c:\windows\system32\ipdetect.exe
2010-09-28 19:04 . 2002-11-15 12:03 126976 ----a-w- c:\windows\system32\coclassfast.dll
2010-09-28 19:04 . 2002-05-09 15:42 155648 ----a-r- c:\windows\system32\AdADIx32.dll
2010-09-28 19:04 . 2001-02-09 08:13 4981 ----a-r- c:\windows\system32\AdADIx2K.dll
2010-09-28 19:04 . 2001-02-08 08:35 46892 ----a-w- c:\windows\system32\adadix16.dll
2010-09-28 19:04 . 2005-06-21 16:21 125913 ----a-w- c:\windows\system32\adiusbaw.sys
2010-09-24 10:27 . 2010-09-24 10:40 -------- d-----w- c:\documents and settings\karim
2010-09-11 21:40 . 2010-09-11 21:40 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2010-09-11 21:36 . 2010-09-11 21:38 -------- d-----w- c:\program files\WAV to MP3 Encoder
2010-09-11 21:36 . 2002-08-22 22:27 348160 ----a-w- c:\windows\system32\FlatBtn6.ocx
2010-09-11 21:36 . 2001-12-12 10:35 348160 ----a-w- c:\windows\system32\MEnc.ocx
2010-09-11 21:36 . 1998-06-24 00:00 140096 ----a-w- c:\windows\system32\Comdlg32.ocx

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-10_14.01.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-10 14:13 . 2004-08-19 14:09 25088 c:\windows\LastGood.Tmp\system32\shfolder.dll
+ 2010-07-05 17:43 . 2010-10-10 17:23 1615672 c:\windows\system32\FNTCACHE.DAT
- 2010-07-05 17:43 . 2010-07-08 11:55 1615672 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-13 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-01 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-01 141848]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"MacrokeyManager"="WTMKM.exe" [2007-09-19 1969824]
"Ulead AutoDetector v2"="c:\program files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2010-9-28 962661]

[HKLM\~\startupfolder\C:^Documents and Settings^sammy^Menu Démarrer^Programmes^Démarrage^Voobys.lnk]
path=c:\documents and settings\sammy\Menu Démarrer\Programmes\Démarrage\Voobys.lnk
backup=c:\windows\pss\Voobys.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\KONAMI\\Yu-Gi-Oh! Power of Chaos JOEY THE PASSION\\joey_pc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2027:UDP"= 2027:UDP:Windows Media Format SDK (iexplore.exe)
"2026:UDP"= 2026:UDP:Windows Media Format SDK (iexplore.exe)
"2029:UDP"= 2029:UDP:Windows Media Format SDK (iexplore.exe)
"2302:UDP"= 2302:UDP:Windows Media Format SDK (iexplore.exe)
"2305:UDP"= 2305:UDP:Windows Media Format SDK (iexplore.exe)
"2304:UDP"= 2304:UDP:Windows Media Format SDK (iexplore.exe)

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [02/07/2010 22:35 218592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/07/2009 10:43 691696]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/04/2010 22:19 165584]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [15/03/2005 13:00 277504]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/04/2010 22:19 17744]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [02/07/2010 22:47 112592]
S2 gupdate1ca0bac37ed58a4;Service Google Update (gupdate1ca0bac37ed58a4);c:\program files\Google\Update\GoogleUpdate.exe [23/07/2009 16:42 133104]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;"c:\program files\LogMeIn Hamachi\hamachi-2.exe" -s --> c:\program files\LogMeIn Hamachi\hamachi-2.exe [?]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [31/07/2009 13:26 29184]
S3 PhTVTune;OEM 7130AB WDM TVTuner;c:\windows\system32\drivers\PhTVTune.sys [07/10/2009 20:04 24160]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [02/07/2010 22:34 366840]
.
Contenu du dossier 'Tâches planifiées'

2010-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-23 15:07]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 15:42]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 15:42]

2010-10-10 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ma.emb-japan.go.jp/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {2463E240-4409-461A-9F58-2A87C995460A} = 62.251.229.223 62.251.229.237
.
.
Heure de fin: 2010-10-10 22:24:23
ComboFix-quarantined-files.txt 2010-10-10 21:24
ComboFix2.txt 2010-10-10 14:04

Avant-CF: 763 924 480 octets libres
Après-CF: 750 239 744 octets libres

- - End Of File - - 817462D7E3FB267955DD2C8B4DCA09E0



otl log:
OTL logfile created on: 10/10/2010 22:28:05 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\sammy\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 0,72 Gb Free Space | 1,48% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 8,38 Gb Free Space | 17,17% Space Free | Partition Type: NTFS
Drive E: | 51,39 Gb Total Space | 42,74 Gb Free Space | 83,18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 954,56 Mb Total Space | 876,63 Mb Free Space | 91,84% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNICORNI-68682E
Current User Name: sammy
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/08 22:21:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sammy\Bureau\OTL.exe
PRC - [2007/10/14 23:14:30 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/08 22:21:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sammy\Bureau\OTL.exe
MOD - [2006/08/25 08:51:14 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2004/08/03 22:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/24 21:22:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/09/17 17:48:48 | 000,364,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\atwtusb.exe -- (WTService)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\sammy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/09 15:48:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/06/02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/27 07:46:48 | 006,023,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/14 23:16:37 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/04/19 22:17:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/11/01 06:19:36 | 000,336,128 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
DRV - [2006/11/01 06:19:36 | 000,024,160 | R--- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2006/05/31 11:18:30 | 000,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/12/22 13:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 13:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 13:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/06/21 17:21:18 | 000,125,913 | R--- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2005/03/15 13:00:00 | 000,277,504 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SAA713x.sys -- (713xTVCard)
DRV - [2004/03/02 07:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-507921405-2052111302-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ma.emb-japan.go.jp/
IE - HKU\S-1-5-21-507921405-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/10/10 15:01:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-507921405-2052111302-725345543-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-507921405-2052111302-725345543-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk = C:\Program Files\Menara\dslmon.exe ()
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-2052111302-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-2052111302-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-2052111302-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-2052111302-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\sammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sammy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/11 12:46:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/18 22:26:20 | 000,000,057 | RHS- | M] () - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/10 22:24:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/10 18:31:18 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sammy\Bureau\OTH.scr
[2010/10/10 18:31:16 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sammy\Bureau\OTL.exe
[2010/10/10 15:12:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/10/10 15:05:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sammy\Recent
[2010/10/10 14:40:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/10 14:40:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/10 14:40:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/10 14:40:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/10 14:40:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/09 20:54:03 | 000,000,000 | ---D | C] -- C:\system32
[2010/10/08 22:26:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/10/08 11:16:04 | 000,000,000 | ---D | C] -- C:\1Ecran tactile2
[2010/09/30 23:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\test2
[2010/09/29 21:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/29 21:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/09/28 20:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\Menara
[2010/09/28 20:04:32 | 000,114,688 | ---- | C] (Analog Devices.) -- C:\WINDOWS\System32\unaddrv.exe
[2010/09/28 20:04:31 | 000,155,648 | R--- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\AdADIx32.dll
[2010/09/28 20:04:31 | 000,004,981 | R--- | C] (SITECSOFT Co., LTD.) -- C:\WINDOWS\System32\AdADIx2K.dll
[2010/09/28 20:04:29 | 000,125,913 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\adiusbaw.sys
[2010/09/20 15:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\ULJM057340001
[2010/09/20 13:46:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\seplugins
[2010/09/11 22:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2010/09/11 22:36:45 | 000,348,160 | ---- | C] (DGP) -- C:\WINDOWS\System32\MEnc.ocx
[2010/09/11 22:36:45 | 000,348,160 | ---- | C] (DevPower Development Tools) -- C:\WINDOWS\System32\FlatBtn6.ocx
[2010/09/11 22:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\WAV to MP3 Encoder
[2010/09/11 21:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\Nouveau dossier (4)
[2010/08/30 12:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Local Settings\Application Data\LogMeIn Hamachi
[2010/08/26 23:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\ACS
[2010/08/23 14:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/08/18 00:50:54 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/08/18 00:50:54 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/08/18 00:50:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/08/18 00:50:53 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/08/18 00:50:53 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/08/18 00:50:53 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/08/18 00:50:53 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/08/18 00:50:52 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/08/18 00:50:52 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/08/18 00:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/08/09 15:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\Alcohol120_retail_2.0.0.1331_cracked
[2010/08/09 12:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Application Data\WinBatch
[2010/08/06 22:31:51 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/08/06 22:31:51 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/08/06 22:31:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/06 21:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Application Data\Media Player Classic
[2010/08/04 19:44:36 | 000,023,040 | ---- | C] (OSTROWSKY) -- C:\WINDOWS\System32\Register.exe
[2010/08/02 14:34:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Application Data\Publish Providers
[2010/08/02 14:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Local Settings\Application Data\Sony
[2010/08/02 14:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Application Data\Sony
[2010/08/02 14:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
[2010/07/25 22:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Mes documents\One_Piece
[2010/07/25 22:42:45 | 000,000,000 | ---D | C] -- C:\OnemangaDownloader
[2010/07/21 21:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sammy\Bureau\ULJS00175-000
[2010/07/21 12:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\danny_kay1710
[2010/07/14 23:00:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\sammy\Bureau\Temp
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/10 22:22:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/10 20:49:08 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\sammy\NTUSER.DAT
[2010/10/10 20:28:21 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/10 20:14:05 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 20:00:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\HPpromotions journeysoftware.job
[2010/10/10 19:29:55 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/10 19:29:49 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/10/10 19:29:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/10 19:24:28 | 003,876,688 | R--- | M] () -- C:\Documents and Settings\sammy\Bureau\crss.exe
[2010/10/10 18:23:56 | 001,615,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/10 17:19:44 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sammy\Bureau\OTH.scr
[2010/10/10 15:18:22 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\sammy\ntuser.ini
[2010/10/10 15:06:28 | 000,094,018 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\cc_20101010_150624.reg
[2010/10/10 15:01:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/08 22:40:42 | 000,000,056 | ---- | M] () -- C:\WINDOWS\kgt2k.INI
[2010/10/08 22:39:21 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\ax_files.xml
[2010/10/08 22:38:30 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/08 22:38:28 | 000,134,144 | ---- | M] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 22:21:04 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sammy\Bureau\OTL.exe
[2010/10/08 22:12:54 | 003,875,585 | R--- | M] () -- C:\Documents and Settings\sammy\Bureau\ComboFix.exe
[2010/10/08 21:01:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HijackThis.exe
[2010/10/06 22:25:05 | 000,000,697 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/06 16:10:39 | 009,935,054 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Watch This Space - Britannia High (Lauren & Claudine) [w_ lyrics].mp4
[2010/10/04 23:27:01 | 007,266,048 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Fullmetal Alchemist Opening 4 Rewrite Full.mp3
[2010/10/03 22:28:17 | 006,650,880 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp3
[2010/10/03 18:35:39 | 006,998,016 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp3
[2010/10/03 18:34:57 | 007,478,337 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp4
[2010/10/03 18:30:25 | 070,064,599 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp4
[2010/10/03 16:48:25 | 008,507,136 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp3
[2010/10/03 16:44:04 | 016,075,168 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp4
[2010/10/01 23:37:46 | 003,084,288 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp3
[2010/10/01 23:37:02 | 003,066,526 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp4
[2010/10/01 01:07:56 | 006,157,440 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - DuelMadness Song(kaiba theme) mp3.mp3
[2010/09/30 14:13:03 | 006,183,552 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu Gi Oh! Duel Madness Official Instrumental Track.mp3
[2010/09/29 12:37:18 | 003,046,662 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\01 - To be a Dream.mp3
[2010/09/28 20:47:47 | 000,000,154 | ---- | M] () -- C:\WINDOWS\adidsl.ini
[2010/09/28 20:47:47 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\adidsl.cfg
[2010/09/28 20:11:31 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Menara ADSL.lnk
[2010/09/28 20:11:28 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
[2010/09/28 20:11:26 | 000,002,292 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Messagerie avec Menara.lnk
[2010/09/28 20:11:24 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Internet avec Menara.lnk
[2010/09/22 23:26:46 | 003,793,152 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! GX Tag Force 3 - OST - Duel_ Tournament.mp3
[2010/09/17 23:43:42 | 008,386,350 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\David Christie - Saddle Up 1982.mp3
[2010/09/17 10:42:14 | 000,154,353 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\A01.pdf
[2010/09/16 14:25:19 | 000,001,148 | ---- | M] () -- C:\Documents and Settings\sammy\game.ini
[2010/09/15 14:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 14:01:57 | 000,051,141 | ---- | M] () -- C:\WINDOWS\‚Q‚cŠi“¬ƒcƒN[ƒ‹‚Q‚Ž‚„.mid
[2010/09/13 11:49:02 | 000,079,640 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\1254533238150_f[1].jpg
[2010/09/13 11:43:06 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Voobys.lnk
[2010/09/12 22:53:33 | 004,010,135 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\112-Tenjou_Tenge_-_Aishitene_Motto.mp3
[2010/09/08 01:19:14 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/04 21:06:50 | 000,006,097 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\46018_1571949335623_1142204013_31680354_5996934_s[1].jpg
[2010/09/01 00:52:58 | 002,110,282 | -H-- | M] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\IconCache.db
[2010/08/30 12:35:15 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\LogMeIn Hamachi.lnk
[2010/08/29 23:08:57 | 000,068,241 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\001.jpg
[2010/08/27 21:35:12 | 002,534,220 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\136 Scarlet Wind.mp3
[2010/08/26 23:29:57 | 011,539,176 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Naruto Shippuden Ending 14 (PSP Video).mp4
[2010/08/23 23:56:19 | 006,094,745 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\fairy tail ending 1 (PSP Video).mp4
[2010/08/23 15:12:08 | 024,707,464 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\videoplayback (PSP Video).mp4
[2010/08/23 14:46:55 | 007,100,923 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\PS3 Test 1 - Disgaea 3 Opening! (PSP Video).mp4
[2010/08/18 00:50:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\SUPER © Uninstall.lnk
[2010/08/18 00:50:55 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\SUPER ©.lnk
[2010/08/15 21:28:30 | 004,079,281 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\inagaddadavida.mp3
[2010/08/15 21:23:27 | 006,203,374 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\321 The Sochen Cave Palace.mp3
[2010/08/14 00:47:59 | 000,000,284 | ---- | M] () -- C:\boot.ini
[2010/08/13 21:05:35 | 002,960,773 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\114 Fariedone RYGS_5013 (Appearance).mp3
[2010/08/12 16:29:16 | 005,416,748 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\112 Five Minutes With the Goblins.mp3
[2010/08/10 23:27:15 | 006,607,399 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Maritsu Evil Academy.mp3
[2010/08/09 15:55:37 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Raccourci vers Alcohol.lnk
[2010/08/09 15:48:56 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/08/06 23:16:12 | 008,122,091 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Matt Bianco - Whose Side Are You On.mp3
[2010/08/02 14:33:52 | 000,002,542 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\Enregistrer Vegas Pro.htm
[2010/07/28 23:19:21 | 003,675,494 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\13 - Graaf,Emperor Of Darkness.mp3
[2010/07/28 23:16:29 | 010,510,628 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\dgrayman.mp3
[2010/07/26 00:36:43 | 004,678,018 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\WhoseSideAreYouOnBT.mp3
[2010/07/23 12:30:49 | 001,052,656 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\Book 3 - Harry Potter and the Prisoner of Azkaban.pdf
[2010/07/16 16:59:15 | 000,016,457 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\45.exe
[2010/07/16 16:59:15 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\sammy\Mes documents\45.cpp
[2010/07/14 09:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/14 09:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/07/13 15:47:08 | 000,109,488 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\2351 - Tales of Phantasia (E) (M5).sgm
[2010/07/12 23:37:51 | 001,494,570 | ---- | M] () -- C:\Documents and Settings\sammy\Bureau\319 Tales of DB Theme.mp3
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/10 19:24:13 | 003,876,688 | R--- | C] () -- C:\Documents and Settings\sammy\Bureau\crss.exe
[2010/10/10 15:06:25 | 000,094,018 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\cc_20101010_150624.reg
[2010/10/10 14:40:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/10 14:40:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/10 14:40:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/10 14:40:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/10 14:40:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/10 14:40:06 | 003,875,585 | R--- | C] () -- C:\Documents and Settings\sammy\Bureau\ComboFix.exe
[2010/10/06 16:10:38 | 009,935,054 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Watch This Space - Britannia High (Lauren & Claudine) [w_ lyrics].mp4
[2010/10/04 23:26:35 | 007,266,048 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Fullmetal Alchemist Opening 4 Rewrite Full.mp3
[2010/10/03 22:27:56 | 006,650,880 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp3
[2010/10/03 18:35:16 | 006,998,016 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp3
[2010/10/03 18:34:57 | 007,478,337 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yugioh 10th anniversary movie theme_ Make Magic.mp4
[2010/10/03 18:30:23 | 070,064,599 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! 5D's Opening 4 BELIEVE IN NEXUS FULL.mp4
[2010/10/03 16:48:02 | 008,507,136 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp3
[2010/10/03 16:44:04 | 016,075,168 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - InuYasha - Angelus Full Song (jap.).mp4
[2010/10/01 23:37:37 | 003,084,288 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp3
[2010/10/01 23:37:02 | 003,066,526 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - PSP Yu-Gi-Oh! 5D's Tag Force 5 Soundtrack - Back To 2001 Pt2.mp4
[2010/09/29 22:04:03 | 006,157,440 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - DuelMadness Song(kaiba theme) mp3.mp3
[2010/09/29 22:02:16 | 006,183,552 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu Gi Oh! Duel Madness Official Instrumental Track.mp3
[2010/09/28 23:17:27 | 003,046,662 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\01 - To be a Dream.mp3
[2010/09/28 20:11:31 | 000,001,446 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Menara ADSL.lnk
[2010/09/28 20:11:26 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Messagerie avec Menara.lnk
[2010/09/28 20:11:24 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Internet avec Menara.lnk
[2010/09/28 20:04:34 | 000,261,954 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i0.bnm
[2010/09/28 20:04:34 | 000,261,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i3.bnm
[2010/09/28 20:04:34 | 000,261,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i2.bnm
[2010/09/28 20:04:34 | 000,261,938 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i1.bnm
[2010/09/28 20:04:34 | 000,067,258 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtbld3i4.bnm
[2010/09/28 20:04:32 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\ipdetect.exe
[2010/09/28 20:04:31 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2010/09/28 20:04:31 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2010/09/22 23:26:34 | 003,793,152 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\YouTube - Yu-Gi-Oh! GX Tag Force 3 - OST - Duel_ Tournament.mp3
[2010/09/17 10:42:14 | 000,154,353 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\A01.pdf
[2010/09/16 14:25:19 | 000,001,148 | ---- | C] () -- C:\Documents and Settings\sammy\game.ini
[2010/09/13 11:49:20 | 000,079,640 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\1254533238150_f[1].jpg
[2010/09/12 22:18:11 | 004,010,135 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\112-Tenjou_Tenge_-_Aishitene_Motto.mp3
[2010/09/04 21:10:06 | 000,006,097 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\46018_1571949335623_1142204013_31680354_5996934_s[1].jpg
[2010/09/04 01:11:30 | 008,386,350 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\David Christie - Saddle Up 1982.mp3
[2010/08/30 12:35:15 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\LogMeIn Hamachi.lnk
[2010/08/29 23:07:03 | 000,068,241 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\001.jpg
[2010/08/27 21:28:33 | 002,534,220 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\136 Scarlet Wind.mp3
[2010/08/26 23:28:53 | 011,539,176 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\Naruto Shippuden Ending 14 (PSP Video).mp4
[2010/08/23 23:55:59 | 006,094,745 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\fairy tail ending 1 (PSP Video).mp4
[2010/08/23 15:10:28 | 024,707,464 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\videoplayback (PSP Video).mp4
[2010/08/23 14:45:30 | 007,100,923 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\PS3 Test 1 - Disgaea 3 Opening! (PSP Video).mp4
[2010/08/18 00:50:55 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\SUPER © Uninstall.lnk
[2010/08/18 00:50:55 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\SUPER ©.lnk
[2010/08/18 00:50:54 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/08/18 00:50:53 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/08/18 00:50:53 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/08/18 00:50:52 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/08/18 00:50:52 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/08/18 00:50:52 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/08/18 00:50:51 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/08/15 19:28:00 | 006,203,374 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\321 The Sochen Cave Palace.mp3
[2010/08/15 00:30:24 | 004,079,281 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\inagaddadavida.mp3
[2010/08/10 23:27:15 | 006,607,399 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\Maritsu Evil Academy.mp3
[2010/08/10 22:27:05 | 002,960,773 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\114 Fariedone RYGS_5013 (Appearance).mp3
[2010/08/10 20:36:26 | 005,416,748 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\112 Five Minutes With the Goblins.mp3
[2010/08/09 15:57:57 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\ax_files.xml
[2010/08/09 15:55:15 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\Raccourci vers Alcohol.lnk
[2010/08/06 22:31:57 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/06 22:31:51 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/06 22:31:51 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/06 22:31:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/06 22:31:51 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/08/06 22:31:51 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/08/06 19:58:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/04 19:44:36 | 000,002,634 | ---- | C] () -- C:\WINDOWS\System32\DivXAudioCompressor4.02.inf
[2010/08/02 14:33:52 | 000,002,542 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\Enregistrer Vegas Pro.htm
[2010/07/28 23:41:14 | 008,122,091 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\Matt Bianco - Whose Side Are You On.mp3
[2010/07/28 23:19:21 | 003,675,494 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\13 - Graaf,Emperor Of Darkness.mp3
[2010/07/28 23:11:12 | 010,510,628 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\dgrayman.mp3
[2010/07/25 15:02:01 | 004,678,018 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\WhoseSideAreYouOnBT.mp3
[2010/07/23 12:30:42 | 001,052,656 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\Book 3 - Harry Potter and the Prisoner of Azkaban.pdf
[2010/07/16 16:53:54 | 000,016,457 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\45.exe
[2010/07/16 16:53:11 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\sammy\Mes documents\45.cpp
[2010/07/12 23:08:23 | 001,494,570 | ---- | C] () -- C:\Documents and Settings\sammy\Bureau\319 Tales of DB Theme.mp3
[2010/07/08 22:41:52 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2010/07/08 22:41:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/07/05 18:45:48 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2010/07/05 18:45:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2010/07/02 22:47:34 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/07/02 22:47:34 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/24 23:12:45 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/16 19:58:04 | 000,000,038 | ---- | C] () -- C:\WINDOWS\camcodec100.ini
[2010/02/15 19:31:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LauncherAccess.dt
[2010/02/15 19:29:31 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/11/13 19:16:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATWTINK.DLL
[2009/11/13 19:16:34 | 000,013,291 | R--- | C] () -- C:\WINDOWS\System32\PhotoImpact XL SE.ini
[2009/11/13 19:16:34 | 000,009,074 | R--- | C] () -- C:\WINDOWS\System32\Vista.ini
[2009/11/13 19:16:34 | 000,008,742 | R--- | C] () -- C:\WINDOWS\System32\XP_2000.ini
[2009/11/13 19:16:34 | 000,006,432 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2009/11/13 19:16:34 | 000,000,583 | R--- | C] () -- C:\WINDOWS\System32\MKProfile.ini
[2009/09/15 21:33:50 | 000,063,574 | ---- | C] () -- C:\Documents and Settings\sammy\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/09/15 21:33:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/08/15 22:35:37 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\fusioncache.dat
[2009/07/29 09:41:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/24 18:49:53 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2009/07/23 13:24:58 | 000,134,144 | ---- | C] () -- C:\Documents and Settings\sammy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/19 14:20:14 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2009/07/16 20:34:19 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/16 20:14:50 | 000,003,238 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log
[2009/07/11 17:45:32 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009/07/11 17:45:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009/07/11 17:45:30 | 000,000,893 | ---- | C] () -- C:\WINDOWS\adiras.ini

========== LOP Check ==========

[2010/04/24 22:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/09/27 20:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5
[2010/05/01 23:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScreenVCR
[2010/08/02 14:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
[2009/11/13 20:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tablet
[2010/10/10 19:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/11/13 20:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
[2009/11/13 21:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boss\Application Data\Ulead Systems
[2010/04/26 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\Dev-Cpp
[2009/12/24 13:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\fltk.org
[2009/07/29 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\ImgBurn
[2010/08/02 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\Publish Providers
[2009/09/27 19:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\River Past G5
[2010/02/15 19:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\Samsung
[2010/08/02 14:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\Sony
[2010/01/18 20:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\STOIK
[2009/11/13 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\Ulead Systems
[2010/04/24 22:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\Uniblue
[2010/09/17 14:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\uTorrent
[2010/08/09 12:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sammy\Application Data\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wscript.exe:SummaryInformation
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
< End of report >

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still having problems running programmes?

#10
uberfayt2

    Member

  • Topic Starter
  • Member
  • 49 posts
nothing changed, i'm still unable to run the connexion & internet browser (i'm using another machine for internet), the antiviruses scan still freezes when reaching the file (hpzipm12.exe), when i shut the computer down it stays at "closing of windows" so i always have to unplug it.
  • 0

#11
uberfayt2

uberfayt2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Avast detected that the file c:\windows\system32\drivers\HPzipm12.exe is a win32 gen infection. Also, the OTL scan freezes at this exact same file, while CCleaner freezes on the temporary internet folder. Could there be some connection?
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, this is intriguing - I would like to run a deep AV scan from safe mode. If that locks at the same place I will quarantine that file and then see whether that alleviates the problem.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors
  • My Computer
  • Also any other drives (removable, that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#13
uberfayt2

uberfayt2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Dear Essexboy,
here is what AVP detected within the system:
11/10/2010 19:58:00 Detected: Trojan.Win32.BHO.aipj C:\Documents and Settings\sammy\Bureau\remote joy\PSP ISO Compressor 1.4.exe
11/10/2010 20:21:47 Deleted: Trojan.Win32.BHO.aipj C:\Documents and Settings\sammy\Bureau\remote joy\PSP ISO Compressor 1.4.exe
11/10/2010 20:56:43 Detected: Trojan.Win32.BHO.aipj C:\System Volume Information\_restore{EF8A0305-74DC-4785-9B6D-86DC21DED61D}\RP223\A0035045.exe
11/10/2010 21:02:08 Deleted: Trojan.Win32.BHO.aipj C:\System Volume Information\_restore{EF8A0305-74DC-4785-9B6D-86DC21DED61D}\RP223\A0035045.exe

It didn't find the file that I mentioned above, perhaps it's only active during normal boot mode. I really hope we can fix it ^^
  • 0
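The AVP report lines from the post above, reduced to a final outcome per file. This is an added example, not part of the original thread; the function names are hypothetical and the sample input is the four lines as posted.

```python
import re

# The four report lines exactly as posted in the thread.
REPORT = r"""
11/10/2010 19:58:00 Detected: Trojan.Win32.BHO.aipj C:\Documents and Settings\sammy\Bureau\remote joy\PSP ISO Compressor 1.4.exe
11/10/2010 20:21:47 Deleted: Trojan.Win32.BHO.aipj C:\Documents and Settings\sammy\Bureau\remote joy\PSP ISO Compressor 1.4.exe
11/10/2010 20:56:43 Detected: Trojan.Win32.BHO.aipj C:\System Volume Information\_restore{EF8A0305-74DC-4785-9B6D-86DC21DED61D}\RP223\A0035045.exe
11/10/2010 21:02:08 Deleted: Trojan.Win32.BHO.aipj C:\System Volume Information\_restore{EF8A0305-74DC-4785-9B6D-86DC21DED61D}\RP223\A0035045.exe
"""

# timestamp, event word, verdict name, then a drive-letter path to end of line
LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>\w+): (?P<verdict>\S+) (?P<path>[A-Za-z]:\\.+)$"
)

def parse_report(text):
    """Group events by file path, keeping report order."""
    files = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        entry = files.setdefault(m["path"], {"verdict": m["verdict"], "events": []})
        entry["events"].append((m["ts"], m["event"]))
    return files

def summarize(files):
    """Last recorded event per file, plus a flag for System Restore copies."""
    marker = "\\System Volume Information\\_restore"
    return [
        {"path": path, "verdict": info["verdict"],
         "final": info["events"][-1][1], "restore_point": marker in path}
        for path, info in files.items()
    ]

def mentions(files, filename):
    """True if any reported path ends in this file name (case-insensitive)."""
    return any(p.lower().endswith("\\" + filename.lower()) for p in files)

if __name__ == "__main__":
    parsed = parse_report(REPORT)
    for row in summarize(parsed):
        note = " (restore point copy)" if row["restore_point"] else ""
        print(row["final"], row["verdict"], row["path"] + note)
    print("HPzipm12.exe in report:", mentions(parsed, "HPzipm12.exe"))
```

A file whose last event is still "Detected" was left in place, and a path that never appears in the report, as with HPzipm12.exe here, was not flagged by this scan at all.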

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, now let's run a quick scan with MBAM and see if it locks there again - if it does I will quarantine that file. Run this in normal mode please.

Please download Malwarebytes' Anti-Malware from here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#15
uberfayt2

uberfayt2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here's what happened: I ran MBAM, then I selected the quick scan task, then it froze 3 seconds after while saying "preparing for scanning"... Here are the paths of the files that I mentioned:
c:\windows\system32\spool\drivers\w32x86\HPZIPM12.exe
c:\windows\system32\HPZipm12.exe
  • 0





