A virus is blocking my access to everything...
toxic512008
Posted messages
158
Status
Member
-
Hello (getting back into how this works after a few years of being inactive)
Here I am because I caught a big PC virus. The symptoms:
- Control Panel inaccessible (blank page with no options)
- Right-click is blocked
- Everything has switched to English and options are missing; for example, the recycle bin is now called "Recycle Bin"
- The hard drive has no name
- Folders are in English
- Unable to move, delete or extract a file
- Internet: nothing to report on that side
- I can open programs and view them, but nothing else
- The search bar in Start is blocked (oh yes, otherwise I would have fixed the problem...)
- In Start / Accessories => everything is in English (Calculator, etc.)
- In Start, HELP AND SUPPORT has been blocked
- Unable to restore the PC to a previous version; I did it once, everything returned to normal, then 1-2 days later it came back with the same symptoms...
- Formatting blocked
- Right-click as well as Properties have been blocked
- Games and installed programs open without any problem.
=> The PC starts up fine.
=> I can boot in safe mode with networking if needed
I am on Internet Explorer, Win7. Thank you in advance for any responses that could help me remove this virus; I have been searching for a solution for 2-3 months.
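The symptoms listed above (Control Panel blank, right-click gone, Start search and Help and Support blocked) are the classic effect of Explorer and System policy restrictions written into the registry. Below is an added example, not code from the thread or from any of the tools mentioned in it, that maps those symptoms to the documented policy values, evaluates a snapshot of them, and emits the `reg delete` commands that clear them. The sample snapshot is constructed to mimic the reported symptoms; the live read only works on Windows and returns an empty snapshot elsewhere.

```python
"""Audit the Explorer/System policy values behind a locked-down desktop.

Added example, not from the original thread. The value names are the
documented Windows policy values; SAMPLE_SNAPSHOT is constructed data
that mimics the symptoms reported in the post.
"""
import sys
from typing import Dict, List, Tuple

EXPLORER = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSTEM = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# (policy key, value name) -> the symptom a non-zero DWORD produces
POLICY_SYMPTOMS: Dict[Tuple[str, str], str] = {
    (EXPLORER, "NoControlPanel"): "Control Panel blocked",
    (EXPLORER, "NoViewContextMenu"): "Explorer right-click menu blocked",
    (EXPLORER, "NoFind"): "Start menu search blocked",
    (EXPLORER, "NoSMHelp"): "Help and Support removed from Start menu",
    (EXPLORER, "NoRun"): "Run command removed",
    (EXPLORER, "NoFolderOptions"): "Folder Options removed",
    (EXPLORER, "NoDrives"): "drives hidden in Explorer (bitmask)",
    (SYSTEM, "DisableTaskMgr"): "Task Manager disabled",
    (SYSTEM, "DisableRegistryTools"): "Registry Editor disabled",
}

# hive, key, value name, data, symptom
Finding = Tuple[str, str, str, int, str]


def evaluate(snapshot: Dict[Tuple[str, str, str], int]) -> List[Finding]:
    """snapshot maps (hive, key, value name) -> DWORD data.

    Returns one finding per restriction that is actually switched on;
    values set to 0 and value names we do not know are ignored.
    """
    findings: List[Finding] = []
    for (hive, key, name), data in sorted(snapshot.items()):
        symptom = POLICY_SYMPTOMS.get((key, name))
        if symptom and data:
            findings.append((hive, key, name, data, symptom))
    return findings


def undo_commands(findings: List[Finding]) -> List[str]:
    """reg.exe commands that delete the offending values (run elevated for HKLM)."""
    return [f'reg delete "{hive}\\{key}" /v {name} /f'
            for hive, key, name, _, _ in findings]


def read_snapshot() -> Dict[Tuple[str, str, str], int]:
    """Live read of HKCU and HKLM on Windows; {} on any other platform."""
    snapshot: Dict[Tuple[str, str, str], int] = {}
    if sys.platform != "win32":
        return snapshot
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive_name, hive in hives.items():
        for key, name in POLICY_SYMPTOMS:
            try:
                with winreg.OpenKey(hive, key) as k:
                    data, kind = winreg.QueryValueEx(k, name)
            except OSError:
                continue  # key or value absent: nothing set
            if kind == winreg.REG_DWORD:
                snapshot[(hive_name, key, name)] = int(data)
    return snapshot


# Constructed snapshot matching the post's symptoms (not real data).
SAMPLE_SNAPSHOT: Dict[Tuple[str, str, str], int] = {
    ("HKCU", EXPLORER, "NoControlPanel"): 1,
    ("HKCU", EXPLORER, "NoViewContextMenu"): 1,
    ("HKCU", EXPLORER, "NoFind"): 1,
    ("HKCU", EXPLORER, "NoSMHelp"): 1,
    ("HKCU", EXPLORER, "NoRun"): 0,           # present but off: not reported
    ("HKCU", EXPLORER, "SomeOtherValue"): 1,  # unknown name: ignored
}

if __name__ == "__main__":
    live = read_snapshot() or SAMPLE_SNAPSHOT
    found = evaluate(live)
    for hive, key, name, data, symptom in found:
        print(f"{hive}\\{key}\\{name} = {data}  -> {symptom}")
    print("\n".join(undo_commands(found)))
```

Deleting the values only relieves the symptoms: whatever re-applies them at logon is still there, which is consistent with the restore-then-relapse the poster describes, so the cleanup has to find that persistence as well.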
16 answers
-
Hello
If your antivirus has a sandbox, disable it
Disable your antivirus
Disable Windows Defender if present
Disable your firewall
Close all your running applications
Download and save this on your desktop:
Pre_Scan
If the link doesn't work:
http://www.archive-host.com
If it's not on your desktop, cut it from your Downloads folder and paste it on your desktop.
Warning: the desktop will be shut down during the scan --> don't panic.
Once downloaded, run it and let the scan proceed until you see "Pre_scan.txt" on the desktop.
If the tool is blocked by the infection, use this version: Version .pif
If the tool detects a proxy and you haven't installed one, click on "remove the proxy".
If the tool seems not to have worked, rename it to winlogon, or change its extension to .com or .scr.
It may cause a multitude of black windows to flash; let it work.
Post Pre_Scan_the_date_and_time.txt, which will appear on the desktop at the end of the scan.
▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)
Click on this link: http://www.cijoint.fr/
▶ Click on Browse and find the file above.
▶ Click Open.
▶ Click on "Click here to upload the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
will be added to the page.
▶ Copy this link in your reply.
If your desktop doesn't reappear => Ctrl+Alt+Del, Task Manager => File tab => New task, then type explorer.
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ -
OK, well, attach it as requested.
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ -
▶ Download Reload_TDSSKiller
▶ Run the
choose: start the cleaning
The tool will automatically download the latest version, and then
TDSSKiller will open; click on "Start Scan".
If TDSS.tdl2 is detected, the Delete option will be checked by default.
If TDSS.tdl3 is detected, make sure that Cure is checked.
If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure that Cure is checked.
If "Suspicious file" is indicated, leave the option set to Skip.
If Rootkit.Win32.ZAccess.* is detected, set "Cure" at the top and "Delete" at the bottom.
Once it has finished, restart if prompted to complete the cleaning;
otherwise, close TDSSKiller and the report will appear on the desktop.
▶ Copy/paste its content into your next reply.
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_development_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
```text
18:36:39.0203 6020 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
18:36:39.0383 6020 ============================================================
18:36:39.0383 6020 Current date / time: 2011/10/09 18:36:39.0383
18:36:39.0383 6020 SystemInfo:
18:36:39.0383 6020
18:36:39.0383 6020 OS Version: 6.1.7601 ServicePack: 1.0
18:36:39.0383 6020 Product type: Workstation
18:36:39.0383 6020 ComputerName: RORO-PC
18:36:39.0383 6020 UserName: roro
18:36:39.0383 6020 Windows directory: C:\Windows
18:36:39.0383 6020 System windows directory: C:\Windows
18:36:39.0383 6020 Processor architecture: Intel x86
18:36:39.0383 6020 Number of processors: 2
18:36:39.0383 6020 Page size: 0x1000
18:36:39.0383 6020 Boot type: Normal boot
18:36:39.0383 6020 ============================================================
18:36:40.0815 6020 Initialize success
18:36:45.0977 0196 ============================================================
18:36:45.0977 0196 Scan started
18:36:45.0977 0196 Mode: Manual;
18:36:45.0977 0196 ============================================================
18:36:46.0307 0196 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:36:46.0307 0196 1394ohci - ok
18:36:46.0337 0196 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:36:46.0347 0196 ACPI - ok
18:36:46.0377 0196 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:36:46.0377 0196 AcpiPmi - ok
18:36:46.0457 0196 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:36:46.0457 0196 adp94xx - ok
18:36:46.0487 0196 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:36:46.0487 0196 adpahci - ok
18:36:46.0507 0196 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:36:46.0507 0196 adpu320 - ok
18:36:46.0567 0196 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:36:46.0577 0196 AFD - ok
18:36:46.0597 0196 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:36:46.0607 0196 agp440 - ok
18:36:46.0627 0196 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:36:46.0627 0196 aic78xx - ok
18:36:46.0687 0196 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:36:46.0687 0196 aliide - ok
18:36:46.0717 0196 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:36:46.0727 0196 amdagp - ok
18:36:46.0747 0196 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:36:46.0757 0196 amdide - ok
18:36:46.0797 0196 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:36:46.0797 0196 AmdK8 - ok
18:36:46.0807 0196 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:36:46.0817 0196 AmdPPM - ok
18:36:46.0847 0196 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:36:46.0847 0196 amdsata - ok
18:36:46.0857 0196 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:36:46.0867 0196 amdsbs - ok
18:36:46.0877 0196 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:36:46.0887 0196 amdxata - ok
18:36:46.0937 0196 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:36:46.0937 0196 AppID - ok
18:36:46.0977 0196 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:36:46.0977 0196 arc - ok
18:36:46.0987 0196 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:36:46.0987 0196 arcsas - ok
18:36:47.0077 0196 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:36:47.0087 0196 AsyncMac - ok
18:36:47.0097 0196 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:36:47.0097 0196 atapi - ok
18:36:47.0137 0196 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:36:47.0147 0196 b06bdrv - ok
18:36:47.0187 0196 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:36:47.0197 0196 b57nd60x - ok
18:36:47.0217 0196 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:36:47.0217 0196 Beep - ok
18:36:47.0247 0196 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:36:47.0247 0196 blbdrive - ok
18:36:47.0307 0196 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:36:47.0307 0196 bowser - ok
18:36:47.0317 0196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:36:47.0317 0196 BrFiltLo - ok
18:36:47.0327 0196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:36:47.0327 0196 BrFiltUp - ok
18:36:47.0367 0196 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:36:47.0367 0196 Brserid - ok
18:36:47.0377 0196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:36:47.0377 0196 BrSerWdm - ok
18:36:47.0387 0196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:36:47.0387 0196 BrUsbMdm - ok
18:36:47.0397 0196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:36:47.0407 0196 BrUsbSer - ok
18:36:47.0447 0196 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
18:36:47.0447 0196 BthEnum - ok
18:36:47.0457 0196 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:36:47.0457 0196 BTHMODEM - ok
18:36:47.0487 0196 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
18:36:47.0487 0196 BthPan - ok
18:36:47.0507 0196 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
18:36:47.0517 0196 BTHPORT - ok
18:36:47.0557 0196 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
18:36:47.0567 0196 BTHUSB - ok
18:36:47.0587 0196 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:36:47.0587 0196 cdfs - ok
18:36:47.0617 0196 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:36:47.0617 0196 cdrom - ok
18:36:47.0647 0196 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:36:47.0647 0196 circlass - ok
18:36:47.0697 0196 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:36:47.0707 0196 CLFS - ok
18:36:47.0737 0196 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:36:47.0737 0196 CmBatt - ok
18:36:47.0757 0196 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:36:47.0757 0196 cmdide - ok
18:36:47.0807 0196 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
18:36:47.0807 0196 CNG - ok
18:36:47.0827 0196 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:36:47.0827 0196 Compbatt - ok
18:36:47.0857 0196 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:36:47.0857 0196 CompositeBus - ok
18:36:47.0917 0196 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:36:47.0917 0196 crcdisk - ok
18:36:47.0977 0196 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:36:47.0977 0196 DfsC - ok
18:36:48.0007 0196 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:36:48.0007 0196 discache - ok
18:36:48.0037 0196 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:36:48.0047 0196 Disk - ok
18:36:48.0087 0196 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:36:48.0087 0196 drmkaud - ok
18:36:48.0127 0196 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:36:48.0137 0196 DXGKrnl - ok
18:36:48.0197 0196 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:36:48.0237 0196 ebdrv - ok
18:36:48.0277 0196 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:36:48.0287 0196 elxstor - ok
18:36:48.0317 0196 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:36:48.0317 0196 ErrDev - ok
18:36:48.0347 0196 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:36:48.0347 0196 exfat - ok
18:36:48.0367 0196 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:36:48.0367 0196 fastfat - ok
18:36:48.0397 0196 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:36:48.0397 0196 fdc - ok
18:36:48.0427 0196 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:36:48.0427 0196 FileInfo - ok
18:36:48.0447 0196 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:36:48.0447 0196 Filetrace - ok
18:36:48.0457 0196 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:36:48.0467 0196 flpydisk - ok
18:36:48.0487 0196 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:36:48.0497 0196 FltMgr - ok
18:36:48.0527 0196 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:36:48.0527 0196 FsDepends - ok
18:36:48.0537 0196 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:36:48.0537 0196 Fs_Rec - ok
18:36:48.0577 0196 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:36:48.0577 0196 fvevol - ok
18:36:48.0607 0196 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:36:48.0607 0196 gagp30kx - ok
18:36:48.0707 0196 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:36:48.0707 0196 hamachi - ok
18:36:48.0727 0196 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:36:48.0727 0196 hcw85cir - ok
18:36:48.0797 0196 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:36:48.0807 0196 HdAudAddService - ok
18:36:48.0837 0196 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:36:48.0837 0196 HDAudBus - ok
18:36:48.0847 0196 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:36:48.0857 0196 HidBatt - ok
18:36:48.0877 0196 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:36:48.0877 0196 HidBth - ok
18:36:48.0887 0196 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:36:48.0897 0196 HidIr - ok
18:36:48.0927 0196 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:36:48.0927 0196 HidUsb - ok
18:36:49.0167 0196 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:36:49.0177 0196 HpSAMD - ok
18:36:49.0207 0196 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:36:49.0217 0196 HTTP - ok
18:36:49.0247 0196 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:36:49.0247 0196 hwpolicy - ok
18:36:49.0277 0196 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:36:49.0277 0196 i8042prt - ok
18:36:49.0307 0196 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:36:49.0307 0196 iaStorV - ok
18:36:49.0357 0196 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:36:49.0357 0196 iirsp - ok
18:36:49.0457 0196 IntcAzAudAddService (354ba9b040908f5ae680087da76d730e) C:\Windows\system32\drivers\RTKVHDA.sys
18:36:49.0507 0196 IntcAzAudAddService - ok
18:36:49.0527 0196 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:36:49.0527 0196 intelide - ok
18:36:49.0557 0196 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:36:49.0557 0196 intelppm - ok
18:36:49.0577 0196 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:36:49.0577 0196 IpFilterDriver - ok
18:36:49.0607 0196 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:36:49.0607 0196 IPMIDRV - ok
18:36:49.0617 0196 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:36:49.0627 0196 IPNAT - ok
18:36:49.0647 0196 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:36:49.0647 0196 IRENUM - ok
18:36:49.0667 0196 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:36:49.0667 0196 isapnp - ok
18:36:49.0717 0196 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:36:49.0717 0196 iScsiPrt - ok
18:36:49.0747 0196 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:36:49.0747 0196 kbdclass - ok
18:36:49.0777 0196 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:36:49.0777 0196 kbdhid - ok
18:36:49.0807 0196 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
18:36:49.0817 0196 KSecDD - ok
18:36:49.0837 0196 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
18:36:49.0847 0196 KSecPkg - ok
18:36:49.0887 0196 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:36:49.0887 0196 lltdio - ok
18:36:49.0937 0196 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:36:49.0937 0196 LSI_FC - ok
18:36:49.0967 0196 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:36:49.0967 0196 LSI_SAS - ok
18:36:50.0007 0196 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:36:50.0007 0196 LSI_SAS2 - ok
18:36:50.0047 0196 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:36:50.0057 0196 LSI_SCSI - ok
18:36:50.0077 0196 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:36:50.0077 0196 luafv - ok
18:36:50.0087 0196 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:36:50.0097 0196 megasas - ok
18:36:50.0117 0196 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:36:50.0127 0196 MegaSR - ok
18:36:50.0167 0196 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:36:50.0167 0196 Modem - ok
18:36:50.0197 0196 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:36:50.0197 0196 monitor - ok
18:36:50.0227 0196 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:36:50.0237 0196 mouclass - ok
18:36:50.0257 0196 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:36:50.0277 0196 mouhid - ok
18:36:50.0297 0196 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:36:50.0307 0196 mountmgr - ok
18:36:50.0337 0196 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:36:50.0337 0196 MpFilter - ok
18:36:50.0387 0196 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:36:50.0387 0196 mpio - ok
18:36:50.0477 0196 MpKsl02f0b933 - ok
18:36:50.0497 0196 MpKsl115ae623 - ok
18:36:50.0497 0196 MpKsl22381659 - ok
18:36:50.0557 0196 MpKsl2f9ad92b (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F2C2487-9D6C-4271-8883-A467C85EA9E1}\MpKsl2f9ad92b.sys
18:36:50.0557 0196 MpKsl2f9ad92b - ok
18:36:50.0577 0196 MpKsl3c5a92fd - ok
18:36:50.0587 0196 MpKsl47eed964 - ok
18:36:50.0607 0196 MpKsl4f0a44f1 - ok
18:36:50.0637 0196 MpKsl663bc230 - ok
18:36:50.0647 0196 MpKsl6e906669 - ok
18:36:50.0657 0196 MpKsl741cffd2 - ok
18:36:50.0677 0196 MpKsl9109de62 - ok
18:36:50.0687 0196 MpKsl9cc68799 - ok
18:36:50.0697 0196 MpKsla2539cdc - ok
18:36:50.0717 0196 MpKslc0780576 - ok
18:36:50.0717 0196 MpKslc7c87ccb - ok
18:36:50.0727 0196 MpKslc8db9c9f - ok
18:36:50.0737 0196 MpKslcd1a7f4e - ok
18:36:50.0757 0196 MpKsld5f77580 - ok
18:36:50.0757 0196 MpKslede6597c - ok
18:36:50.0767 0196 MpKsledff8fe5 - ok
18:36:50.0787 0196 MpKslefb4a477 - ok
18:36:50.0807 0196 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:36:50.0807 0196 MpNWMon - ok
18:36:50.0857 0196 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:36:50.0857 0196 mpsdrv - ok
18:36:50.0897 0196 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:36:50.0897 0196 MRxDAV - ok
18:36:50.0927 0196 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:36:50.0937 0196 mrxsmb - ok
18:36:50.0967 0196 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:36:50.0977 0196 mrxsmb10 - ok
18:36:50.0987 0196 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:36:50.0997 0196 mrxsmb20 - ok
18:36:51.0027 0196 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:36:51.0027 0196 msahci - ok
18:36:51.0087 0196 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:36:51.0087 0196 msdsm - ok
18:36:51.0117 0196 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:36:51.0117 0196 Msfs - ok
18:36:51.0137 0196 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:36:51.0137 0196 mshidkmdf - ok
18:36:51.0147 0196 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:36:51.0147 0196 msisadrv - ok
18:36:51.0207 0196 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:36:51.0207 0196 MSKSSRV - ok
18:36:51.0267 0196 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:36:51.0267 0196 MSPCLOCK - ok
18:36:51.0277 0196 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:36:51.0277 0196 MSPQM - ok
18:36:51.0297 0196 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:36:51.0297 0196 MsRPC - ok
18:36:51.0317 0196 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:36:51.0317 0196 mssmbios - ok
18:36:51.0327 0196 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:36:51.0337 0196 MSTEE - ok
18:36:51.0367 0196 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:36:51.0367 0196 MTConfig - ok
18:36:51.0397 0196 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:36:51.0397 0196 Mup - ok
18:36:51.0467 0196 musbehco (22fabdc07b4de09773a92d49201c9f94) C:\Users\roro\AppData\Local\Temp\musbehco.sys
18:36:51.0507 0196 musbehco - ok
18:36:51.0557 0196 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:36:51.0567 0196 NativeWifiP - ok
18:36:51.0607 0196 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:36:51.0617 0196 NDIS - ok
18:36:51.0647 0196 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:36:51.0647 0196 NdisCap - ok
18:36:51.0687 0196 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:36:51.0697 0196 NdisTapi - ok
18:36:51.0727 0196 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:36:51.0727 0196 Ndisuio - ok
18:36:51.0757 0196 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:36:51.0767 0196 NdisWan - ok
```
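A TDSSKiller report is mostly a long list of drivers that end in "- ok", and the one thing worth pulling out of it by hand is where each kernel driver is loaded from. Below is an added example, not part of the thread and not Kaspersky's code, that parses the driver-enumeration lines and flags any driver that lives in a user-writable directory or that did not get an "ok" verdict. The sample lines are copied verbatim from the report above; the directory heuristics are the example's own assumptions.

```python
"""Parse TDSSKiller driver lines and flag drivers loaded from odd places.

Added example, not from the original thread or from TDSSKiller itself.
SAMPLE_LOG is a verbatim excerpt of the report posted in the thread;
SUSPECT_DIRS is this example's own heuristic.
"""
import re
from typing import Dict, List, Optional, Tuple

# e.g. 18:36:51.0467 0196 musbehco (22fabdc0...) C:\Users\roro\AppData\Local\Temp\musbehco.sys
ENTRY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# e.g. 18:36:51.0507 0196 musbehco - ok
VERDICT = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+) - (.+)$")

# Checked in order against the lower-cased path; first match wins.
SUSPECT_DIRS: List[Tuple[str, str]] = [
    ("\\appdata\\local\\temp\\", "driver in user %TEMP%"),
    ("\\windows\\temp\\", "driver in %SystemRoot%\\Temp"),
    ("\\users\\", "driver under a user profile"),
    ("\\programdata\\", "driver under %ProgramData% (verify the publisher)"),
]

Entry = Dict[str, Optional[str]]


def parse(lines) -> Dict[str, Entry]:
    """Collect (name, md5, path, verdict) per driver from report lines."""
    entries: Dict[str, Entry] = {}
    for raw in lines:
        line = raw.rstrip()
        m = ENTRY.match(line)
        if m:
            name, md5, path = m.groups()
            entries[name] = {"name": name, "md5": md5, "path": path, "verdict": None}
            continue
        m = VERDICT.match(line)
        if m:
            name, verdict = m.groups()
            # verdict lines without a preceding path line (e.g. MpKsl* stubs)
            entries.setdefault(
                name, {"name": name, "md5": None, "path": None, "verdict": None})
            entries[name]["verdict"] = verdict
    return entries


def flag(entries: Dict[str, Entry]) -> List[Tuple[str, Optional[str], str]]:
    """Return (name, path, reason) for every driver worth a second look."""
    findings = []
    for e in entries.values():
        reasons = []
        if e["verdict"] is not None and e["verdict"] != "ok":
            reasons.append("verdict: " + e["verdict"])
        path = (e["path"] or "").lower()
        for needle, why in SUSPECT_DIRS:
            if needle in path:
                reasons.append(why)
                break
        if reasons:
            findings.append((e["name"], e["path"], "; ".join(reasons)))
    return sorted(findings)


# Verbatim excerpt of the report posted above.
SAMPLE_LOG = r"""
18:36:46.0307 0196 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:36:46.0307 0196 1394ohci - ok
18:36:50.0477 0196 MpKsl02f0b933 - ok
18:36:50.0557 0196 MpKsl2f9ad92b (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0F2C2487-9D6C-4271-8883-A467C85EA9E1}\MpKsl2f9ad92b.sys
18:36:50.0557 0196 MpKsl2f9ad92b - ok
18:36:51.0467 0196 musbehco (22fabdc07b4de09773a92d49201c9f94) C:\Users\roro\AppData\Local\Temp\musbehco.sys
18:36:51.0507 0196 musbehco - ok
18:36:51.0557 0196 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:36:51.0567 0196 NativeWifiP - ok
"""


def sample_findings():
    return flag(parse(SAMPLE_LOG.strip().splitlines()))


if __name__ == "__main__":
    for name, path, reason in sample_findings():
        print(f"{name:16} {reason}\n{'':16} {path}")
```

On the excerpt this reports two drivers. The MpKsl one sits under "Microsoft Antimalware\Definition Updates", which is what Microsoft Security Essentials (listed in the Start Menu dump further down) uses for its definition-update drivers, so that hit is expected. The driver in the user's %TEMP% is the one to verify: look up the MD5 and the signer before trusting the "ok". One caveat: anti-rootkit scanners, TDSSKiller among them, can load a randomly named temporary driver of their own while they run, so check whether the file is still there once no scanner is running.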
-
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
[30/05/2011|17:33:17] | C:\Users\roro\AppData
[30/05/2011|17:33:17] | C:\Users\roro\Application Data
[30/05/2011|17:33:22] | C:\Users\roro\Contacts
[30/05/2011|17:33:17] | C:\Users\roro\Cookies
[30/05/2011|17:33:17] | C:\Users\roro\Desktop
[30/05/2011|17:33:17] | C:\Users\roro\Documents
[30/05/2011|17:33:17] | C:\Users\roro\Downloads
[30/05/2011|17:33:17] | C:\Users\roro\Favorites
[30/05/2011|17:33:17] | C:\Users\roro\Links
[30/05/2011|17:33:17] | C:\Users\roro\Local Settings
[30/05/2011|17:33:17] | C:\Users\roro\Start Menu
[30/05/2011|17:33:17] | C:\Users\roro\My Documents
[30/05/2011|17:33:17] | C:\Users\roro\Templates
[30/05/2011|17:33:17] | C:\Users\roro\Music
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat.LOG1
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat.LOG2
[09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TM.blf
[09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TMContainer00000000000000000001.regtrans-ms
[09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TMContainer00000000000000000002.regtrans-ms
[11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TM.blf
[11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TMContainer00000000000000000001.regtrans-ms
[11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TMContainer00000000000000000002.regtrans-ms
[30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TM.blf
[30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TMContainer00000000000000000001.regtrans-ms
[30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TMContainer00000000000000000002.regtrans-ms
[05/10/2011|14:10:41] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TM.blf
[05/10/2011|14:10:42] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TMContainer00000000000000000001.regtrans-ms
[05/10/2011|14:10:42] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TMContainer00000000000000000002.regtrans-ms
[25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TM.blf
[25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TMContainer00000000000000000001.regtrans-ms
[25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TMContainer00000000000000000002.regtrans-ms
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.ini
[30/05/2011|17:33:17] | C:\Users\roro\Pictures
[30/05/2011|17:33:17] | C:\Users\roro\Recent
[30/05/2011|17:33:17] | C:\Users\roro\Saved Games
[30/05/2011|17:33:31] | C:\Users\roro\Searches
[30/05/2011|17:33:17] | C:\Users\roro\SendTo
[07/09/2011|13:50:46] | C:\Users\roro\Tracing
[30/05/2011|17:33:17] | C:\Users\roro\Videos
[30/05/2011|17:33:17] | C:\Users\roro\Print Neighborhood
[30/05/2011|17:33:17] | C:\Users\roro\Network Neighborhood
¤¤¤¤¤¤¤¤¤¤ %StartMenu%
[14/07/2009|06:46:35] | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009|06:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[30/05/2011|17:33:04] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009|04:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009|06:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs
[14/07/2009|04:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/07/2009|06:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[06/08/2011|15:39:55] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[31/07/2011|18:02:26] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[06/08/2011|13:57:13] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[28/07/2011|19:38:03] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Call of Duty Game of the Year Edition
[25/08/2011|12:46:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[22/07/2011|21:07:38] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CreeperTools
[14/07/2009|06:41:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[22/06/2011|18:18:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[14/07/2009|06:52:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[22/06/2011|18:17:59] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[02/10/2011|14:46:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamigo
[20/06/2011|19:20:48] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[20/06/2011|19:20:49] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[14/07/2009|04:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[30/05/2011|17:26:03] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[30/05/2011|17:46:20] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[20/06/2011|18:43:56] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[25/06/2011|19:16:07] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[30/05/2011|18:05:53] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[06/08/2011|15:23:47] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[03/08/2011|14:58:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer 2
[14/07/2009|06:42:29] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[14/07/2009|04:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[20/06/2011|19:09:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[14/07/2009|11:00:22] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[24/07/2011|11:52:41] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Game Creators
[05/08/2011|12:11:16] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[24/06/2011|15:15:31] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[14/07/2009|06:42:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[30/05/2011|17:25:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[14/07/2009|06:42:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[14/07/2009|06:46:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[20/06/2011|21:03:07] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[14/07/2009|06:42:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs\Startup
[14/07/2009|06:41:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
¤¤¤¤¤¤¤¤¤¤ %AppData%
[23/07/2011|16:30:20] | C:\Users\roro\AppData\Roaming\.minecraft
[20/06/2011|19:21:59] | C:\Users\roro\AppData\Roaming\Adobe
[02/08/2011|16:45:11] | C:\Users\roro\AppData\Roaming\chrtmp
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\em.class
[30/05/2011|17:44:21] | C:\Users\roro\AppData\Roaming\Google
[30/05/2011|17:33:23] | C:\Users\roro\AppData\Roaming\Identities
[20/06/2011|19:21:59] | C:\Users\roro\AppData\Roaming\Macromedia
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Roaming\Media Center Programs
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Roaming\Microsoft
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\mod_TooManyItems.class
[02/10/2011|16:00:30] | C:\Users\roro\AppData\Roaming\Mozilla
[25/06/2011|19:21:48] | C:\Users\roro\AppData\Roaming\Mumble
[07/09/2011|15:27:11] | C:\Users\roro\AppData\Roaming\OpenOffice.org
[03/08/2011|14:59:22] | C:\Users\roro\AppData\Roaming\SecondLife
[07/09/2011|13:17:51] | C:\Users\roro\AppData\Roaming\SoftGrid Client
[22/06/2011|18:35:34] | C:\Users\roro\AppData\Roaming\teamspeak2
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMICompatibility.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIConfig.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIController.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIStateButtonData.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIUtils.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIView.class
[11/08/2011|13:05:32] | C:\Users\roro\AppData\Roaming\Todae
[07/09/2011|13:15:53] | C:\Users\roro\AppData\Roaming\TP
[22/06/2011|18:39:07] | C:\Users\roro\AppData\Roaming\TS3Client
[24/06/2011|15:39:19] | C:\Users\roro\AppData\Roaming\vlc
[11/08/2011|13:05:16] | C:\Users\roro\AppData\Roaming\Winamp
[20/06/2011|21:03:07] | C:\Users\roro\AppData\Roaming\WinRAR
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgButton.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgButtonHandler.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgCanvas.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgItemHandler.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgItemPanel.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgWidget.class
[17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgZOrder.class
¤¤¤¤¤¤¤¤¤¤ %CommonAppData%
[06/08/2011|15:38:08] | C:\ProgramData\Adobe
[06/08/2011|13:57:11] | C:\ProgramData\Apple
[06/08/2011|15:23:24] | C:\ProgramData\Apple Computer
[14/07/2009|06:53:55] | C:\ProgramData\Application Data
[30/05/2011|17:33:04] | C:\ProgramData\Desktop
[14/07/2009|06:53:55] | C:\ProgramData\Desktop
[14/07/2009|06:53:55] | C:\ProgramData\Documents
[30/05/2011|17:33:04] | C:\ProgramData\Favorites
[14/07/2009|06:53:55] | C:\ProgramData\Favorites
[30/05/2011|17:43:39] | C:\ProgramData\Google
[20/06/2011|19:20:40] | C:\ProgramData\IM
[20/06/2011|19:20:40] | C:\ProgramData\IncrediMail
[30/05/2011|17:33:04] | C:\ProgramData\Start Menu
[14/07/2009|04:37:05] | C:\ProgramData\Microsoft
[30/05/2011|17:33:04] | C:\ProgramData\Templates
¤¤¤¤¤¤¤¤¤¤ %LocalAppData%
[06/08/2011|15:37:58] | C:\Users\roro\AppData\Local\Adobe
[06/08/2011|13:57:15] | C:\Users\roro\AppData\Local\Apple
[06/08/2011|14:03:27] | C:\Users\roro\AppData\Local\Apple Computer
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Application Data
[30/05/2011|17:43:18] | C:\Users\roro\AppData\Local\Apps
[29/09/2011|14:32:32] | C:\Users\roro\AppData\Local\Conduit
[03/08/2011|15:11:40] | C:\Users\roro\AppData\Local\Databases.db
[30/05/2011|17:43:17] | C:\Users\roro\AppData\Local\Deployment
[19/07/2011|13:01:48] | C:\Users\roro\AppData\Local\Diagnostics
[05/07/2011|11:55:04] | C:\Users\roro\AppData\Local\ElevatedDiagnostics
[30/05/2011|17:43:18] | C:\Users\roro\AppData\Local\GDIPFONTCACHEV1.DAT
[30/05/2011|17:43:27] | C:\Users\roro\AppData\Local\Google
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\History
[03/08/2011|15:11:41] | C:\Users\roro\AppData\Local\http_www.flickr.com_0
[07/09/2011|13:02:09] | C:\Users\roro\AppData\Local\IconCache.db
[20/06/2011|19:20:54] | C:\Users\roro\AppData\Local\IM
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Microsoft
[07/08/2011|12:36:12] | C:\Users\roro\AppData\Local\Microsoft Games
[02/10/2011|14:16:41] | C:\Users\roro\AppData\Local\reakktor
[03/08/2011|14:59:21] | C:\Users\roro\AppData\Local\SecondLife
[07/09/2011|13:17:51] | C:\Users\roro\AppData\Local\SoftGrid Client
[22/06/2011|18:37:14] | C:\Users\roro\AppData\Local\TeamSpeak 3 Client
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Temp
[30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Temporary Internet Files
[30/05/2011|17:33:18] | C:\Users\roro\AppData\Local\VirtualStore
[05/07/2011|13:59:38] | C:\Users\roro\AppData\Local\Vivid_Abstractions
[20/06/2011|18:37:39] | C:\Users\roro\AppData\Local\Windows Live
[07/09/2011|13:51:26] | C:\Users\roro\AppData\Local\{12A554B5-2027-4D73-9854-91BEEF938B2F}
[08/09/2011|18:46:21] | C:\Users\roro\AppData\Local\{7823184B-670A-486C-98EF-B886B9B9D419}
[09/09/2011|08:38:10] | C:\Users\roro\AppData\Local\{88AB8425-C6A7-4407-9974-E7E81142FE42}
[08/09/2011|18:46:37] | C:\Users\roro\AppData\Local\{8BD2B0F0-3143-43B0-9843-20C5A284707C}
[07/09/2011|13:51:01] | C:\Users\roro\AppData\Local\{F2D7CE7F-6D1A-466D-A3FE-F59BF1516E80}
¤¤¤¤¤¤¤¤¤¤ %ProgramFiles%
[06/08/2011|15:38:05] | C:\Program Files\Adobe
[06/08/2011|13:57:11] | C:\Program Files\Apple Software Update
[28/07/2011|19:29:30] | C:\Program Files\Call of Duty Game of the Year Edition
[28/08/2011|10:27:34] | C:\Program Files\CCleaner
[14/07/2009|04:37:05] | C:\Program Files\Common Files
[29/09/2011|14:32:34] | C:\Program Files\Conduit
[14/07/2009|06:41:57] | C:\Program Files\desktop.ini
[14/07/2009|06:52:30] | C:\Program Files\DVD Maker
[22/06/2011|18:17:27] | C:\Program Files\EA GAMES
[07/09/2011|14:19:01] | C:\Program Files\ElcomSoft
[30/05/2011|17:33:04] | C:\Program Files\Common Files
[22/06/2011|18:17:54] | C:\Program Files\GameSpy Arcade
[02/10/2011|13:56:58] | C:\Program Files\Gamigo
[30/05/2011|17:43:29] | C:\Program Files\Google
[20/06/2011|19:20:40] | C:\Program Files\IncrediMail
[29/09/2011|14:32:31] | C:\Program Files\IncrediMail_MediaBar_Francais_2
[30/05/2011|18:05:35] | C:\Program Files\InstallShield Installation Information
[14/07/2009|04:37:05] | C:\Program Files\Internet Explorer
[20/06/2011|20:22:22] | C:\Program Files\Java
[07/09/2011|13:16:23] | C:\Program Files\Microsoft Application Virtualization Client
[14/07/2009|06:52:30] | C:\Program Files\Microsoft Games
[07/09/2011|13:16:23] | C:\Program Files\Microsoft Office
[30/05/2011|17:46:17] | C:\Program Files\Microsoft Security Client
[20/06/2011|18:43:32] | C:\Program Files\Microsoft Silverlight
[07/09/2011|13:41:21] | C:\Program Files\Microsoft SQL Server Compact Edition
[20/06/2011|18:32:59] | C:\Program Files\Microsoft.NET
[03/10/2011|08:17:21] | C:\Program Files\mirware with FreeAngel
[22/06/2011|19:57:15] | C:\Program Files\MOHAATools
[14/07/2009|06:52:30] | C:\Program Files\MSBuild
[25/06/2011|19:16:01] | C:\Program Files\Mumble
[30/05/2011|18:03:39] | C:\Program Files\NVIDIA Corporation
[07/09/2011|15:18:44] | C:\Program Files\OpenOffice.org 3
[29/09/2011|14:32:37] | C:\Program Files\Photo Notifier and Animation Creator
[06/08/2011|15:23:24] | C:\Program Files\QuickTime
[30/05/2011|18:09:40] | C:\Program Files\Realtek
[14/07/2009|06:52:30] | C:\Program Files\Reference Assemblies
[03/08/2011|14:58:40] | C:\Program Files\SecondLifeViewer2
[29/08/2011|22:00:37] | C:\Program Files\Spybot - Search & Destroy
[20/06/2011|19:09:23] | C:\Program Files\Steam
[30/05/2011|18:09:36] | C:\Program Files\Temp
[24/07/2011|11:49:01] | C:\Program Files\The Game Creators
[14/07/2009|06:53:23] | C:\Program Files\Uninstall Information
[24/06/2011|15:15:13] | C:\Program Files\VideoLAN
[11/08/2011|14:01:35] | C:\Program Files\VirtualDJ
[11/08/2011|13:05:16] | C:\Program Files\Winamp
[11/08/2011|13:06:16] | C:\Program Files\Winamp Detect
[14/07/2009|06:52:30] | C:\Program Files\Windows Defender
[14/07/2009|11:01:06] | C:\Program Files\Windows Journal
[07/09/2011|13:38:03] | C:\Program Files\Windows Live
[14/07/2009|04:37:05] | C:\Program Files\Windows Mail
[14/07/2009|06:52:30] | C:\Program Files\Windows Media Player
[14/07/2009|04:37:05] | C:\Program Files\Windows NT
[14/07/2009|06:52:30] | C:\Program Files\Windows Photo Viewer
[14/07/2009|06:52:30] | C:\Program Files\Windows Portable Devices
[18/08/2011|15:30:15] | C:\Program Files\Windows Searchqu Toolbar
[14/07/2009|06:52:30] | C:\Program Files\Windows Sidebar
[20/06/2011|21:02:58] | C:\Program Files\WinRAR
¤¤¤¤¤¤¤¤¤¤ %CommonFiles%
[06/08/2011|15:39:45] | C:\Program Files\Common Files\Adobe
[06/08/2011|15:38:04] | C:\Program Files\Common Files\Adobe AIR
[31/07/2011|17:51:55] | C:\Program Files\Common Files\Akamai
[06/08/2011|13:57:28] | C:\Program Files\Common Files\Apple
[24/07/2011|13:34:02] | C:\Program Files\Common Files\Bcgsoft
[30/05/2011|18:09:32] | C:\Program Files\Common Files\InstallShield
[20/06/2011|20:22:49] | C:\Program Files\Common Files\Java
[14/07/2009|04:37:05] | C:\Program Files\Common Files\microsoft shared
[11/08/2011|13:05:24] | C:\Program Files\Common Files\PX Storage Engine
[14/07/2009|04:37:05] | C:\Program Files\Common Files\Services
[14/07/2009|04:37:05] | C:\Program Files\Common Files\SpeechEngines
[20/06/2011|19:09:24] | C:\Program Files\Common Files\Steam
[22/06/2011|18:31:29] | C:\Program Files\Common Files\SWF Studio
[14/07/2009|04:37:05] | C:\Program Files\Common Files\System
[20/06/2011|18:37:37] | C:\Program Files\Common Files\Windows Live
¤¤¤¤¤¤¤¤¤¤ %Temp%\Low
[29/09/2011|14:32:49] | C:\Users\roro\AppData\Local\Temp\Low\Google Toolbar
[02/10/2011|11:51:48] | C:\Users\roro\AppData\Local\Temp\Low\hsperfdata_roro
[21/09/2011|14:33:11] | C:\Users\roro\AppData\Local\Temp\Low\IM
¤¤¤¤¤¤¤¤¤¤ Tasks
[30/05/2011 | 17:43:32] | C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[30/05/2011 | 17:43:32] | C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
¤¤¤¤¤¤¤¤¤¤ Firewall
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ CURRENT_USER | UNINSTALL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\]
"TeamSpeak 3 Client"=TeamSpeak Systems GmbH ->
"Winamp Detect"=Nullsoft, Inc -> 1.0.0.1
¤¤¤¤¤¤¤¤¤¤ LOCAL_MACHINE | UNINSTALL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\]
"AddressBook"= ->
"Adobe AIR"=Adobe Systems Incorporated -> 2.7.0.19530
"Adobe Flash Player ActiveX"=Adobe Systems Incorporated -> 10.3.183.10
"Adobe Shockwave Player"=Adobe Systems, Inc. -> 11.6.1.629
"Akamai"= ->
"Black Prophecy_is1"= ->
"Call of Duty"= ->
"Call of Duty Game of the Year Edition"= ->
"Connection Manager"= ->
"Counter-Strike: Condition Zero"= ->
"DirectDrawEx"= ->
"DXM_Runtime"= ->
"Fontcore"= ->
"GameSpy Arcade"= ->
"IE40"= ->
"IE4Data"= ->
"IE5BAKEX"= ->
"IEData"= ->
"IncrediMail"=IncrediMail Ltd. -> 6.2.9.5079
"IncrediMail MediaBar Francais 2 Toolbar"= -> 6.5.2.8
"IncrediMail_MediaBar_Francais_2 Toolbar"=IncrediMail MediaBar Francais 2 -> 6.5.2.8
"Microsoft .NET Framework 4 Client Profile"=Microsoft Corporation -> 4.0.30319
"Microsoft .NET Framework 4 Client Profile FRA Language Pack"=Microsoft Corporation -> 4.0.30319
"Microsoft .NET Framework 4 Extended"=Microsoft Corporation -> 4.0.30319
"Microsoft Security Client"=Microsoft Corporation -> 2.1.1116.0
"MobileOptionPack"= ->
"MPlayer2"= ->
"NVIDIA Drivers"=NVIDIA Corporation -> 1.10.62.40
"Photo Notifier and Animation Creator"=IncrediMail Ltd. -> 1.0.0.1009
"SchedulingAgent"= ->
"SecondLifeViewer2"= ->
"Steam App 1200"=Tripwire Interactive ->
"Steam App 1220"=Tripwire Interactive ->
"Steam App 1230"=Sandstorm Productions ->
"Steam App 1280"=Darkest Hour Team ->
"Steam App 1290"= ->
"Steam App 220"=Valve ->
"Steam App 380"=Valve ->
"Steam App 4000"=Team Garry ->
"Steam App 420"=Valve ->
"Steam App 440"=Valve ->
"VLC media player"=VideoLAN -> 1.1.10
"WIC"= ->
"Winamp"= ->
"WinRAR archiver"=win.rar GmbH -> 4.01.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Valve -> 1.0.0.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}"=Microsoft Corporation -> 3.0.8402.2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}"=Microsoft Corporation -> 4.0.30319
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2162169"= ->
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2416472"= ->
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871"=Microsoft Corporation -> 1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2478063"= ->
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2487367"=Microsoft Corporation -> 1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523"=Microsoft Corporation -> 1
"{0DEA94ED-915A-4834-A87E-388D012C8E02}"= ->
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}"=Microsoft Corporation -> 4.0.30319
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663"=Microsoft Corporation -> 1
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870"=Microsoft Corporation -> 1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Inc. -> 1.0.0
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}"= ->
"{19192A84-6172-4312-A661-D8F9A34585AB}"=Atomix Productions -> 7.0.4.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}"=Microsoft Corporation -> 10.0.30319
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Inc. -> 7.1.2003.1856
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}"=Oracle -> 6.0.260
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}"=Microsoft Corporation -> 3.0.8402.2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}"=Microsoft Corporation -> 4.0.30319
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2160841"= ->
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2162169"= ->
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708"=Microsoft Corporation -> 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708v2"= ->
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871"=Microsoft Corporation -> 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228"= ->
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478063"= ->
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663"=Microsoft Corporation -> 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2514805"= ->
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870"=Microsoft Corporation -> 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523"=Microsoft Corporation -> 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636"=Microsoft Corporation -> 1
"{4A03706F-666A-4037-7777-5F2748764D10}"=Sun Microsystems, Inc. -> 2.0.5.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}"=Microsoft Corporation -> 2.1.1116.0
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}"=Microsoft Corporation -> 2.1.1116.0
"{582876EC-A178-44D4-9823-C10D6C62EAFF}"= ->
"{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}"=IncrediMail -> 6.2.9.5079
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}"=Adobe Systems, Inc -> 12.0.0.1
"{61AD15B2-50DB-4686-A739-14FE180D4429}"=Microsoft Corporation -> 7.250.4225.0
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}"= ->
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}"=Apple Inc. -> 2.0.1
"{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}"=Your company name -> 1.0.0.1009
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"=Microsoft Corporation -> 8.0.61001
"{72604C30-CBD2-4917-9AB5-4274747F3269}_is1"=KevinsL -> 0.2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"=Apple Inc. -> 2.1.3.127
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}"= ->
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}"=NVIDIA Corporation -> 1.00.7325.0
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}"= ->
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Corporation -> 4.0.60531.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}"=Microsoft Corporation -> 9.0.30729 -
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤ Security Center
[HKLM | Security Center\Svc] | AntispywareOverride : 0
[HKLM | Security Center\Svc] | AntiVirusOverride : 0
[HKLM | Security Center\Svc] | FirewallOverride : 0
¤
[HKLM | FirewallPolicy\DomainProfile] | DisableNotifications : 0
[HKLM | FirewallPolicy\StandardProfile] | DisableNotifications : 0
¤¤¤¤¤¤¤¤¤¤ Ports
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
¤
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
¤¤¤¤¤¤¤¤¤¤ Hidden Files Search
~ External Drives: 0 Hidden Objects
~ Local Disk: 0 Hidden Objects
Users: 1 Hidden Object (Modified)
ProgramFiles: 5 Hidden Objects (Modified)
~ Music: 0 Hidden Objects
~ Pictures: 0 Hidden Objects
~ Videos: 0 Hidden Objects
~ Downloads: 0 Hidden Objects
~ Desktop: 0 Hidden Objects
~ Links: 0 Hidden Objects
Searches: 3 Hidden Objects (Modified)
~ Contacts: 0 Hidden Objects
~ Saved Games: 0 Hidden Objects
~ Favorites: 0 Hidden Objects
Documents: 32 Hidden Objects (Modified)
Windows: 45 Hidden Objects (Modified)
~ StartMenu: 0 Hidden Objects
~ Libraries: 0 Hidden Objects
Quick Launch: 2 Hidden Objects (Modified)
%AppData%: 2 Hidden Objects (Modified)
¤¤¤¤¤¤¤¤¤¤ Alternate Data Streams
Suspect:
¤¤¤¤¤¤
C:\Windows\explorer.exe -> Process restarted
Pre_Script.exe: To make it appear, drag and drop an icon onto Pre_scan
End: 18:17:33
¤¤¤¤¤¤¤¤¤¤(EOF)¤¤¤¤¤¤¤¤¤¤
-
-
try this site for the pre_scan report
https://www.cjoint.com/
--
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
¤¤¤¤¤¤¤¤¤¤ DNS
[HKLM\CCS | Tcpip\Parameters] | DhcpNameServer -> 212.27.40.240 212.27.40.241
[HKLM\CCS | Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}] | DhcpNameServer -> 212.27.40.240 212.27.40.241
[HKLM\CS001 | Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}] | DhcpNameServer -> 212.27.40.240 212.27.40.241
[HKLM\CS002 | Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}] | DhcpNameServer -> 212.27.40.240 212.27.40.241
[HKLM\CCS | Tcpip\Parameters] | NameServer ->
¤¤¤¤¤¤¤¤¤¤ Hosts
# 127.0.0.1 localhost
# ::1 localhost
¤¤¤¤¤¤¤¤¤¤ HKCU\Software
[HKEY_CURRENT_USER\Software\Adobe]
[HKEY_CURRENT_USER\Software\AppDataLow]
[HKEY_CURRENT_USER\Software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\Software\Battlefield 1942]
[HKEY_CURRENT_USER\Software\Burda]
[HKEY_CURRENT_USER\Software\Clients]
[HKEY_CURRENT_USER\Software\EA Games]
[HKEY_CURRENT_USER\Software\FPSCreator]
[HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
[HKEY_CURRENT_USER\Software\GameSpy]
[HKEY_CURRENT_USER\Software\Google]
[HKEY_CURRENT_USER\Software\IM]
[HKEY_CURRENT_USER\Software\ImInstaller]
[HKEY_CURRENT_USER\Software\IncrediMail]
[HKEY_CURRENT_USER\Software\JavaSoft]
[HKEY_CURRENT_USER\Software\Macromedia]
[HKEY_CURRENT_USER\Software\Maydje]
[HKEY_CURRENT_USER\Software\Microsoft]
[HKEY_CURRENT_USER\Software\MOHAA]
[HKEY_CURRENT_USER\Software\Mumble]
[HKEY_CURRENT_USER\Software\Netscape]
[HKEY_CURRENT_USER\Software\Nuclear Coffee]
[HKEY_CURRENT_USER\Software\NVIDIA Corporation]
[HKEY_CURRENT_USER\Software\Policies]
[HKEY_CURRENT_USER\Software\Realtek]
[HKEY_CURRENT_USER\Software\SecuROM]
[HKEY_CURRENT_USER\Software\Sysinternals]
[HKEY_CURRENT_USER\Software\TeamSpeak 3 Client]
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Valve]
[HKEY_CURRENT_USER\Software\VirtualDJ]
[HKEY_CURRENT_USER\Software\WinRAR]
[HKEY_CURRENT_USER\Software\WinRAR SFX]
[HKEY_CURRENT_USER\Software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\Software\Classes]
¤¤¤¤¤¤¤¤¤¤ HKLM\Software
[HKEY_LOCAL_MACHINE\Software\Activision]
[HKEY_LOCAL_MACHINE\Software\Adobe]
[HKEY_LOCAL_MACHINE\Software\AGEIA Technologies]
[HKEY_LOCAL_MACHINE\Software\AppDataLow]
[HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\Software\Apple Inc.]
[HKEY_LOCAL_MACHINE\Software\ATI Technologies]
[HKEY_LOCAL_MACHINE\Software\BrowserChoice]
[HKEY_LOCAL_MACHINE\Software\C07ft5Y]
[HKEY_LOCAL_MACHINE\Software\CDDB]
[HKEY_LOCAL_MACHINE\Software\Classes]
[HKEY_LOCAL_MACHINE\Software\Clients]
[HKEY_LOCAL_MACHINE\Software\Conduit]
[HKEY_LOCAL_MACHINE\Software\Dark Basic]
[HKEY_LOCAL_MACHINE\Software\Dolby]
[HKEY_LOCAL_MACHINE\Software\DTS]
[HKEY_LOCAL_MACHINE\Software\EA GAMES]
[HKEY_LOCAL_MACHINE\Software\Electronic Arts]
[HKEY_LOCAL_MACHINE\Software\Fraps]
[HKEY_LOCAL_MACHINE\Software\Google]
[HKEY_LOCAL_MACHINE\Software\ImInstaller]
[HKEY_LOCAL_MACHINE\Software\IncrediMail]
[HKEY_LOCAL_MACHINE\Software\IncrediMail_MediaBar_Francais_2]
[HKEY_LOCAL_MACHINE\Software\InstallShield]
[HKEY_LOCAL_MACHINE\Software\Intel]
[HKEY_LOCAL_MACHINE\Software\JavaSoft]
[HKEY_LOCAL_MACHINE\Software\JreMetrics]
[HKEY_LOCAL_MACHINE\Software\Khronos]
[HKEY_LOCAL_MACHINE\Software\Linden Research, Inc.]
[HKEY_LOCAL_MACHINE\Software\Macromedia]
[HKEY_LOCAL_MACHINE\Software\Microsoft]
[HKEY_LOCAL_MACHINE\Software\Mozilla]
[HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\Software\Nuclear Coffee]
[HKEY_LOCAL_MACHINE\Software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\ODBC]
[HKEY_LOCAL_MACHINE\Software\Photo Notifier and Animation Creator]
[HKEY_LOCAL_MACHINE\Software\Policies]
[HKEY_LOCAL_MACHINE\Software\Reakktor]
[HKEY_LOCAL_MACHINE\Software\Realtek]
[HKEY_LOCAL_MACHINE\Software\Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\Software\Sonic]
[HKEY_LOCAL_MACHINE\Software\SonicFocus]
[HKEY_LOCAL_MACHINE\Software\SRS Labs]
[HKEY_LOCAL_MACHINE\Software\The Game Creators]
[HKEY_LOCAL_MACHINE\Software\Valve]
[HKEY_LOCAL_MACHINE\Software\VideoLAN]
[HKEY_LOCAL_MACHINE\Software\VirtualDJ]
[HKEY_LOCAL_MACHINE\Software\Waves Audio]
[HKEY_LOCAL_MACHINE\Software\WinRAR]
¤¤¤¤¤¤¤¤¤¤ Processus
¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre
Mise en quarantaine : C:\$Recycle.bin\S-1-5-21-1913976771-3513930833-1953101718-1001\desktop.ini
Erreur de suppression : C:\Users\roro\AppData\Local\http_www.flickr.com_0
Erreur de suppression : C:\Users\roro\AppData\Roaming\chrtmp
Mise en quarantaine : C:\Windows\Temp\RGI27EB.tmp
Mise en quarantaine : C:\Windows\Temp\RGI27EB.tmp-tmp
Mise en quarantaine : C:\Windows\Temp\RGI47AB.tmp
Mise en quarantaine : C:\Windows\Temp\RGI47AB.tmp-tmp
Mise en quarantaine : C:\Windows\Temp\RGI8A93.tmp
Mise en quarantaine : C:\Windows\Temp\RGI8A93.tmp-tmp
Mise en quarantaine : C:\Windows\Temp\RGI8D38.tmp
Mise en quarantaine : C:\Windows\Temp\RGI8D38.tmp-tmp
Mise en quarantaine : C:\Windows\Temp\RGIB377.tmp
Mise en quarantaine : C:\Windows\Temp\RGIB377.tmp-tmp
Mise en quarantaine : C:\Windows\Temp\RGIB60D.tmp
Mise en quarantaine : C:\Windows\Temp\RGIB60D.tmp-tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\7D98.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\8890.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\IECA32C.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\IECC0F9.tmp
Erreur de suppression : C:\Users\roro\AppData\Local\Temp\IM_56E5.tmp
Supprimé : C:\Users\roro\AppData\Local\Temp\IM_56E5.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\nsb5D5D.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI1FE3.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI1FE3.tmp-tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI4D49.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI4D49.tmp-tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI69B3.tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI69B3.tmp-tmp
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DF15BD0A87B4FAF1EB.TMP
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DF9AB37B0482A8F07E.TMP
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DFA5C2318ECED375B8.TMP
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DFAA6D7E177A6FC988.TMP
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DFD519B7FE2021565F.TMP
Erreur de suppression : C:\Users\roro\AppData\Local\Temp\8890.dir\InstallFlashPlayer.exe
Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\IncrediMail\CMDCF40.tmp
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\55O4LMOV\install_virtualdj_home_v7.0.4b.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\567UKXHI\mediacenter.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\KIYVZH2O\QuickTimeInstaller.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\P228RSZ0\Re-Enable v2.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\P228RSZ0\winamp5621_full_emusic-7plus_fr-fr.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\VA1WKUX9\AdobeAIRInstaller.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\VA1WKUX9\QuickTimeInstaller.exe
Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\VA1WKUX9\Second_Life_2-8-0-236429_Setup.exe
¤¤¤¤¤¤¤¤¤¤ IFEO
¤¤¤¤¤¤¤¤¤¤ Mountpoints2
¤¤¤¤¤¤¤¤¤¤ %Homedrive%
[14/07/2009|04:36:15] | C:\$Recycle.Bin
[14/07/2009|04:04:04] | C:\autoexec.bat
[14/07/2009|04:04:04] | C:\config.sys
[22/07/2011|21:07:36] | C:\CreeperTools
[14/07/2009|06:53:55] | C:\Documents and Settings
[30/05/2011|17:23:08] | C:\hiberfil.sys
[09/10/2011|18:10:38] | C:\Kill'em
[30/05/2011|17:23:15] | C:\pagefile.sys
[14/07/2009|04:37:05] | C:\PerfLogs
[09/10/2011|18:10:58] | C:\Pre_Scan.txt
[14/07/2009|04:37:05] | C:\Program Files
[14/07/2009|04:37:05] | C:\ProgramData
[30/05/2011|17:33:04] | C:\Recovery
[30/05/2011|17:23:08] | C:\System Volume Information
[14/07/2009|04:37:05] | C:\Users
[05/08/2011|12:02:57] | C:\Valve
[14/07/2009|04:37:05] | C:\Windows
¤¤¤¤¤¤¤¤¤¤ %Systemroot%
[14/07/2009|06:52:30] | C:\Windows\addins
[14/07/2009|04:37:05] | C:\Windows\AppCompat
[14/07/2009|04:37:05] | C:\Windows\AppPatch
[14/07/2009|04:37:05] | C:\Windows\assembly
[21/06/2011|17:14:03] | C:\Windows\bfsvc.exe
[14/07/2009|04:37:06] | C:\Windows\Boot
[14/07/2009|06:57:37] | C:\Windows\bootstat.dat
[14/07/2009|04:37:06] | C:\Windows\Branding
[11/08/2011|21:59:50] | C:\Windows\CheckSur
[28/07/2011|19:28:43] | C:\Windows\CoD.INI
[14/07/2009|04:37:06] | C:\Windows\Cursors
[14/07/2009|06:34:21] | C:\Windows\debug
[14/07/2009|06:52:30] | C:\Windows\diagnostics
[14/07/2009|10:39:39] | C:\Windows\DigitalLocker
[20/06/2011|18:52:29] | C:\Windows\DirectX.log
[14/07/2009|06:52:30] | C:\Windows\Downloaded Program Files
[14/07/2009|06:34:31] | C:\Windows\DtcInstall.log
[14/07/2009|11:00:40] | C:\Windows\ehome
[30/05/2011|17:46:48] | C:\Windows\epplauncher.mif
[28/07/2011|19:14:11] | C:\Windows\eReg.dat
[20/06/2011|17:56:21] | C:\Windows\explorer.exe
[14/07/2009|04:37:06] | C:\Windows\Fonts
[14/07/2009|10:39:39] | C:\Windows\fr-FR
[14/07/2009|01:12:58] | C:\Windows\fveupdate.exe
[14/07/2009|04:37:06] | C:\Windows\Globalization
[14/07/2009|04:37:06] | C:\Windows\Help
[14/07/2009|02:12:58] | C:\Windows\HelpPane.exe
[14/07/2009|02:12:22] | C:\Windows\hh.exe
[14/07/2009|11:02:25] | C:\Windows\HomePremium.xml
[20/06/2011|18:13:04] | C:\Windows\IE9_main.log
[14/07/2009|04:37:06] | C:\Windows\IME
[14/07/2009|04:37:06] | C:\Windows\inf
[30/05/2011|17:43:33] | C:\Windows\Installer
[14/07/2009|04:37:06] | C:\Windows\L2Schemas
[14/07/2009|04:37:06] | C:\Windows\LiveKernelReports
[14/07/2009|04:37:06] | C:\Windows\Logs
[14/07/2009|04:37:06] | C:\Windows\Media
[14/07/2009|01:55:01] | C:\Windows\mib.bin
[14/07/2009|04:37:07] | C:\Windows\Microsoft.NET
[14/07/2009|04:37:07] | C:\Windows\ModemLogs
[14/07/2009|04:04:57] | C:\Windows\msdfmap.ini
[02/08/2011|14:38:58] | C:\Windows\MSWINSCK.OCX
[14/07/2009|01:41:04] | C:\Windows\notepad.exe
[14/07/2009|06:52:30] | C:\Windows\Offline Web Pages
[30/05/2011|18:22:25] | C:\Windows\Panther
[07/09/2011|13:16:23] | C:\Windows\PCHEALTH
[14/07/2009|06:52:30] | C:\Windows\Performance
[30/05/2011|17:47:20] | C:\Windows\PFRO.log
[14/07/2009|04:37:07] | C:\Windows\PLA
[14/07/2009|04:37:07] | C:\Windows\PolicyDefinitions
[30/05/2011|17:23:21] | C:\Windows\Prefetch
[14/07/2009|01:17:08] | C:\Windows\regedit.exe
[14/07/2009|04:37:07] | C:\Windows\registration
[14/07/2009|04:37:07] | C:\Windows\rescache
[14/07/2009|04:37:07] | C:\Windows\Resources
[30/05/2011|18:09:35] | C:\Windows\RtlExUpd.dll
[14/07/2009|04:37:07] | C:\Windows\SchCache
[14/07/2009|04:37:07] | C:\Windows\schemas
[14/07/2009|04:37:07] | C:\Windows\security
[14/07/2009|06:34:13] | C:\Windows\ServiceProfiles
[14/07/2009|04:37:07] | C:\Windows\servicing
[14/07/2009|06:34:16] | C:\Windows\Setup
[14/07/2009|06:39:09] | C:\Windows\setupact.log
[14/07/2009|06:39:09] | C:\Windows\setuperr.log
[14/07/2009|11:00:40] | C:\Windows\ShellNew
[30/05/2011|17:26:04] | C:\Windows\SoftwareDistribution
[14/07/2009|04:37:07] | C:\Windows\Speech
[14/07/2009|06:48:09] | C:\Windows\Starter.xml
[14/07/2009|04:37:07] | C:\Windows\system
[14/07/2009|04:04:23] | C:\Windows\system.ini
[14/07/2009|04:37:07] | C:\Windows\System32
[14/07/2009|04:37:09] | C:\Windows\TAPI
[14/07/2009|04:37:09] | C:\Windows\Tasks
[14/07/2009|04:37:09] | C:\Windows\Temp
[14/07/2009|04:37:09] | C:\Windows\tracing
[30/05/2011|17:23:38] | C:\Windows\TSSysprep.log
[10/06/2009|23:41:17] | C:\Windows\twain.dll
[14/07/2009|06:52:30] | C:\Windows\twain_32
[21/06/2011|17:14:10] | C:\Windows\twain_32.dll
[14/07/2009|00:47:26] | C:\Windows\twunk_16.exe
[14/07/2009|02:14:40] | C:\Windows\twunk_32.exe
[14/07/2009|04:37:09] | C:\Windows\Vss
[14/07/2009|04:37:09] | C:\Windows\Web
[14/07/2009|04:04:23] | C:\Windows\win.ini
[14/07/2009|06:41:57] | C:\Windows\WindowsShell.Manifest
[30/05/2011|17:26:02] | C:\Windows\WindowsUpdate.log
[13/07/2009|22:29:46] | C:\Windows\winhelp.exe
[14/07/2009|02:12:29] | C:\Windows\winhlp32.exe
[14/07/2009|04:37:09] | C:\Windows\winsxs
[10/06/2009|23:34:23] | C:\Windows\WMSysPr9.prx
[14/07/2009|01:41:00] | C:\Windows\write.exe
[13/07/2009|23:30:30] | C:\Windows\_default.pif
¤¤¤¤¤¤¤¤¤¤ %Userprofile%
[30/05/2011|17:33:17] | C:\Users\roro\AppData
[30/05/2011|17:33:17] | C:\Users\roro\Application Data
[30/05/2011|17:33:22] | C:\Users\roro\Contacts
[30/05/2011|17:33:17] | C:\Users\roro\Cookies
[30/05/2011|17:33:17] | C:\Users\roro\Desktop
[30/05/2011|17:33:17] | C:\Users\roro\Documents
[30/05/2011|17:33:17] | C:\Users\roro\Downloads
[30/05/2011|17:33:17] | C:\Users\roro\Favorites
[30/05/2011|17:33:17] | C:\Users\roro\Links
[30/05/2011|17:33:17] | C:\Users\roro\Local Settings
[30/05/2011|17:33:17] | C:\Users\roro\Start Menu
[30/05/2011|17:33:17] | C:\Users\roro\My Documents
[30/05/2011|17:33:17] | C:\Users\roro\Templates
[30/05/2011|17:33:17] | C:\Users\roro\Music
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat.LOG1
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat.LOG2
[09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TM.blf
[09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TMContainer00000000000000000001.regtrans-ms
[09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TMContainer00000000000000000002.regtrans-ms
[11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TM.blf
[11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TMContainer00000000000000000001.regtrans-ms
[11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TMContainer00000000000000000002.regtrans-ms
[30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TM.blf
[30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TMContainer00000000000000000001.regtrans-ms
[30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TMContainer00000000000000000002.regtrans-ms
[05/10/2011|14:10:41] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TM.blf
[05/10/2011|14:10:42] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TMContainer00000000000000000001.regtrans-ms
[05/10/2011|14:10:42] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TMContainer00000000000000000002.regtrans-ms
[25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TM.blf
[25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TMContainer00000000000000000001.regtrans-ms
[25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TMContainer00000000000000000002.regtrans-ms
[30/05/2011|17:33:17] | C:\Users\roro\ntuser.ini
[30/05/2011|17:33:17] | C:\Users\roro\Pictures
[30/05/2011|17:33:17] | C:\Users\roro\Recent
[30/05/2011|17:33:17] | C:\Users\roro\Saved Games
[30/05/2011|17:33:31] | C:\Users\roro\Searches
[30/05/2011|17:33:17] | C:\Users\roro\SendTo
[07/09/2011|13:50:46] | C:\Users\roro\Tracing
[30/05/2011|17:33:17] | C:\Users\roro\Videos
[30/05/2011|17:33:17] | C:\Users\roro\Printing Neighborhood
[30/05/2011|17:33:17] | C:\Users\roro\Network Neighborhood
¤¤¤¤¤¤¤¤¤¤ %StartMenu%
[14/07/2009|06:46:35] | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[14/07/2009|06:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[30/05/2011|17:33:04] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009|04:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[14/07/2009|06:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
-
-
The beginning is missing... !!
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 1.0.2.92 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
~ Updated on 10/08/2011 | 13:00 by g3n-h@ckm@n
~ Information: http://www.forum-fec.net/t1444-pre_scan-versions
~ : http://www.gen-hackman.net
~ Feedback: http://www.forum-fec.net/t1445-feedback-pre_scan
~ User: roro (Administrators)
~ Computer: RORO-PC
~ Operating System: Windows 7 Home Premium (32 bits) HomePremium Service Pack 1
~ Installation Type: Client
~ Registered as: roro
~ Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
~ Identification: x86 Family 15 Model 75 Stepping 2
Internet Explorer: 9.0.8112.16421
Mozilla Firefox:
Windows Firewall: Active
Windows Defender: Inactive
a:\ -> [Removable] | []
c:\ -> [Fixed] | [] | Total: 238370 Mo | Free: 159340 Mo -> NTFS
d:\ -> [CDROM] | []
e:\ -> [Removable] | []
Scan: 18:11:08 | 10/09/2011
¤¤¤¤¤¤¤¤¤¤ Sessions
~ [HKLM | ProfileList] | S-1-5-21-1913976771-3513930833-1953101718-1001 : ProfileImagePath -> C:\Users\roro
~ [HKLM | ProfileList] | S-1-5-21-1913976771-3513930833-1953101718-1001 : RefCount -> 2
~ [HKLM | ProfileList] | S-1-5-21-1913976771-3513930833-1953101718-1001 : State -> 0
¤¤¤¤¤¤¤¤¤¤ Processes in progress
Start: Normal
268 | C:\Windows\System32\smss.exe - System - Normal - \SystemRoot\System32\smss.exe - 4
424 | C:\Windows\system32\csrss.exe - System - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 412
476 | C:\Windows\system32\wininit.exe - System - High - wininit.exe - 412
492 | C:\Windows\system32\csrss.exe - System - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 484
532 | C:\Windows\system32\services.exe - System - Normal - C:\Windows\system32\services.exe - 476
548 | C:\Windows\system32\lsass.exe - System - Normal - C:\Windows\system32\lsass.exe - 476
556 | C:\Windows\system32\lsm.exe - System - Normal - C:\Windows\system32\lsm.exe - 476
624 | C:\Windows\system32\winlogon.exe - System - High - winlogon.exe - 484
708 | C:\Windows\system32\svchost.exe - System - Normal - C:\Windows\system32\svchost.exe -k DcomLaunch - 532
772 | C:\Windows\system32\nvvsvc.exe - System - Normal - C:\Windows\system32\nvvsvc.exe - 532
812 | C:\Windows\system32\svchost.exe - NETWORK SERVICE - Normal - C:\Windows\system32\svchost.exe -k RPCSS - 532
860 | c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe - System - Normal - "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" - 532
1024 | C:\Windows\System32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - 532
1060 | C:\Windows\System32\svchost.exe - System - Normal - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - 532
1112 | C:\Windows\system32\svchost.exe - System - Normal - C:\Windows\system32\svchost.exe -k netsvcs - 532
1208 | C:\Windows\system32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\system32\svchost.exe -k LocalService - 532
1276 | C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe - System - Normal - "C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe" - 772
1288 | C:\Windows\system32\nvvsvc.exe - System - Normal - C:\Windows\system32\nvvsvc.exe -session -first - 772
1376 | C:\Windows\system32\svchost.exe - NETWORK SERVICE - Normal - C:\Windows\system32\svchost.exe -k NetworkService - 532
1652 | C:\Windows\System32\spoolsv.exe - System - Normal - C:\Windows\System32\spoolsv.exe - 532
1684 | C:\Windows\system32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - 532
1764 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - System - Normal - "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" - 532
1796 | C:\Windows\System32\svchost.exe - System - Normal - C:\Windows\System32\svchost.exe -k Akamai - 532
1828 | C:\Windows\system32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - 532
1896 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - System - Normal - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" - 532
1996 | C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe - System - Normal - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" - 532
2028 | C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe - System - Normal - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" - 532
328 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - System - Normal - WLIDSvcM.exe 1896 - 1896
2120 | C:\Windows\system32\WUDFHost.exe - LOCAL SERVICE - Normal - "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e52d151f-8b01-454f-b3bb-d7641f41831b -SystemEventPortName:HostProcess-94890e24-37c4-4ba8-b762-4720c551c848 -IoCancelEventPortName:HostProcess-799bf959-0c5e-4212-8e1b-751739610050 -NonStateChangingEventPortName:HostProcess-dd3ab813-60ea-436f-86a1-27e9f633aad1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a6135f2a-94de-4b77-84f9-fe65b1554640 - 1060
2336 | C:\Windows\system32\taskhost.exe - roro - Normal - "taskhost.exe" - 532
2596 | C:\Windows\system32\Dwm.exe - roro - High - "C:\Windows\system32\Dwm.exe" - 1060
2844 | C:\Program Files\Microsoft Security Client\msseces.exe - roro - Normal - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey - 2672
2864 | C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe - roro - Normal - "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s - 2672
2876 | C:\Program Files\Common Files\Java\Java Update\jusched.exe - roro - Normal - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" - 2672
2912 | C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - roro - Normal - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" - 2672
2056 | C:\Windows\system32\svchost.exe - NETWORK SERVICE - Normal - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - 532
2364 | C:\Windows\system32\SearchIndexer.exe - System - Normal - C:\Windows\system32\SearchIndexer.exe /Embedding - 532
2712 | C:\Program Files\Windows Media Player\wmpnetwk.exe - NETWORK SERVICE - Normal - "C:\Program Files\Windows Media Player\wmpnetwk.exe" - 532
4020 | C:\Windows\System32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - 532
1480 | C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe - roro - Normal - C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe -Embedding - 708
904 | C:\Program Files\Java\jre6\bin\javaw.exe - roro - Normal - javaw -Xmx1024m -Dsun.java2d.noddraw=true -Dsun.java2d.d3d=false -Dsun.java2d.opengl=false -Dsun.java2d.pmoffscreen=false -classpath /C:/Users/roro/Desktop/minecraft.jar net.minecraft.LauncherFrame - 2644
2428 | C:\Users\roro\Downloads\Pre_Scan.exe - roro - High - "C:\Users\roro\Downloads\Pre_Scan.exe" - 2672
676 | C:\Windows\System32\rundll32.exe - roro - Normal - C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding - 708
4256 | C:\Windows\system32\cmd.exe - roro - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2428
5788 | C:\Windows\system32\conhost.exe - roro - Normal - \??\C:\Windows\system32\conhost.exe "2191158371818189802-1355157755430114271-1762945211-961685061175364448-1031713606 - 492
1944 | C:\Kill'em\Pv.exe - roro - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 4256
¤¤¤¤¤¤¤¤¤¤ Main start before deletion
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
¤¤¤¤¤¤¤¤¤¤ Other Silent Starts
¤
¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00
"{249d74a3-bd19-4657-b6ce-e62f480a20de}"=IncrediMail MediaBar French 2 Toolbar
¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00C6D95F-329C-409a-81D7-C46C66EA7F33}"=
"{80009818-f38f-4af1-87b5-eadab9433e58}"=MF ADTS Property Handler
"{09A47860-11B0-4DA5-AFA5-26D86198A780}"=EPP
"{A70C977A-BF00-412C-90B7-034C51DA2439}"=NvCpl DesktopContext Class
"{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}"=NVIDIA Play On My TV Context Menu Extension
"{08165EA0-E946-11CF-9C87-00AA005127ED}"=WebCheckWebCrawler
"{F5175861-2688-11d0-9C5E-00AA00A45957}"=Subscription Folder
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"=WebCheck
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"=Code Download Agent
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"=Subscription Mgr
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"=WebCheck SyncMgr Handler
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"=WinRAR shell extension
¤¤¤¤¤¤¤¤¤¤ BHO
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] | (Adobe PDF Link Helper) -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [09/05/2011|19:04:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{249d74a3-bd19-4657-b6ce-e62f480a20de}] | (IncrediMail MediaBar French 2 Toolbar) -> C:\Program Files\IncrediMail_MediaBar_French_2\prxtbIncr.dll [09/05/2011|11:49:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] | (Windows Live ID Sign-in Helper) -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010|14:08:38]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] | (Google Toolbar Helper) -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [30/05/2011|17:43:41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [20/06/2011|20:22:27]
¤¤¤¤¤¤¤¤¤¤ ActiveX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Microsoft Windows Media Player
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] | BRANDING.CAB -> Browser Customizations
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | -> Microsoft Windows Media Player 12.0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.6
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] | -> Address Book 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4_SHELLID -> Windows Desktop Update
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Web Platform Customizations
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] | .NETFramework -> .NET Framework
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface
¤¤¤¤¤¤¤¤¤¤ AppPaths
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe] -> C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [09/05/2011|19:04:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BF1942.exe] -> C:\Program Files\EA GAMES\Battlefield 1942\bf1942.exe [28/07/2011|19:04:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe] ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\dvdmaker.exe] -> %ProgramFiles%\DVD Maker\dvdmaker.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FPSCreator.exe] -> C:\Program Files\The Game Creators\FPS Creator\FPSCreator.exe [24/07/2011|11:49:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\fsquirt.exe] ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE] -> C:\Program Files\Internet Explorer\IEDIAGCMD.EXE [20/06/2011|18:22:36]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [20/06/2011|18:22:36]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImBpp.exe] -> C:\Program Files\IncrediMail\Bin\ImBpp.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLc.exe] -> C:\Program Files\IncrediMail\Bin\ImLc.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLcU.exe] -> C:\Program Files\IncrediMail\Bin\ImLc.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLpp.exe] -> C:\Program Files\IncrediMail\Bin\ImLpp.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImPackr.exe] -> C:\Program Files\IncrediMail\Bin\impackr.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\impackrU.exe] -> C:\Program Files\IncrediMail\Bin\impackr.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpCnt.exe] -> C:\Program Files\IncrediMail\Bin\ImpCnt.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpCntU.exe] -> C:\Program Files\IncrediMail\Bin\ImpCnt.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpContent.exe] -> C:\Program Files\IncrediMail\Bin\ImpCnt.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImSetup.exe] -> C:\Program Files\IncrediMail\Bin\ImSetup.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncMail.exe] -> C:\Program Files\IncrediMail\Bin\IncMail.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncMailU.exe] -> C:\Program Files\IncrediMail\Bin\IncMail.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncrediMail.exe] -> C:\Program Files\IncrediMail\Bin\IncMail.exe [29/09/2011|14:31:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe] ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe] -> C:\Program Files\Java\jre6\bin\javaws.exe [20/06/2011|20:22:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Journal.exe] -> %ProgramFiles%\Windows Journal\Journal.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\migwiz.exe] ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mip.exe] -> %CommonProgramFiles%\Microsoft Shared\Ink\mip.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MOHAA.exe] -> C:\Program Files\EA GAMES\MOHDA\MOHAA.exe [22/06/2011|18:18:45]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\moh_breakthrough.exe] -> C:\Program Files\EA GAMES\MOHDA\moh_breakthrough.exe [22/06/2011|18:37:09]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\moh_spearhead.exe] -> C:\Program Files\EA GAMES\MOHDA\moh_spearhead.exe [22/06/2011|18:30:52]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mplayer2.exe] -> %ProgramFiles%\Windows Media Player\wmplayer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pbrush.exe] -> %SystemRoot%\System32\mspaint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PictureViewer.exe] -> C:\Program Files\QuickTime\PictureViewer.exe [05/07/2011|18:36:36]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pnac.exe] -> C:\Program Files\Photo Notifier and Animation Creator\Application\Bin\pnac.exe [23/12/2010|09:02:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerShell.exe] -> %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuickTimePlayer.exe] -> C:\Program Files\QuickTime\QuickTimePlayer.exe [05/07/2011|19:13:08]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe] ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sidebar.exe] -> "%ProgramFiles%\Windows Sidebar\sidebar.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SnippingTool.exe] -> %SystemRoot%\system32\SnippingTool.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe] ->
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TabTip.exe] -> %CommonProgramFiles%\microsoft shared\ink\TabTip.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wab.exe] -> %ProgramFiles%\Windows Mail\wab.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wabmig.exe] -> %ProgramFiles%\Windows Mail\wabmig.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe] -> C:\Program Files\WinRAR\WinRAR.exe [20/06/2011|21:02:59]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wmplayer.exe] -> %ProgramFiles%\Windows Media Player\wmplayer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WORDPAD.EXE] -> "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WRITE.EXE] -> "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
¤¤¤¤¤¤¤¤¤¤ Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=
"LoadAppInit_DLLs"=0
¤¤¤¤¤¤¤¤¤¤ Winlogon
¤
[HKLM | Winlogon] | Shell: explorer.exe
[HKLM | Winlogon] | AutoRestartShell: 1
[HKLM | Winlogon] | userinit: C:\Windows\system32\userinit.exe,
[HKLM | Winlogon] | PowerDownAfterShutdown: 0 -> 1
[HKLM | Winlogon] | System:
¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify
[.exe]: exefile
[exefile | command]: "%1" %*
[.com]: comfile
[comfile | command]: "%1" %*
[.reg]: regfile
[regfile | command]: regedit.exe "%1"
[.scr]: scrfile
[scrfile | command]: "%1" /S
[.bat]: batfile
uninstall this:
IncrediMail_MediaBar_Francais_2
Windows Searchqu Toolbar, if present
drag any file icon onto Pre_Scan; Pre_Script will appear
run Pre_Script; a blank page will open.
select all the bold text below, then copy it (right-click/copy or Ctrl+C):
___________________________________________________
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[-HKEY_LOCAL_MACHINE\Software\BrowserChoice]
[-HKEY_LOCAL_MACHINE\Software\IncrediMail_MediaBar_Francais_2]
file::
C:\Users\roro\AppData\Roaming\chrtmp
C:\Users\roro\AppData\Local\http_www.flickr.com_0
C:\Users\roro\AppData\Local\Databases.db
folder::
C:\Users\roro\AppData\Local\http_www.flickr.com_0
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files\Conduit
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Windows Searchqu Toolbar
attrib::
___________________________________________________
Then paste it (right-click/paste or Ctrl+V) into the blank page.
Then File tab => Save (not Save As...), then close the text.
Black windows may flicker; this is normal, the program is working.
Pre_Script.txt will appear on the desktop at the end of the work.
If your desktop does not reappear => Ctrl+Alt+Del, Task Manager => File tab => New Task, then type explorer.
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
-
-
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 1.0.2.92 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
Update: 08/10/2011 | 14.00 By g3n-h@ckm@n
User: roro (Administrators)
Computer: RORO-PC
Operating System: Windows 7 Home Premium (32 bits)
Internet Explorer: 9.0.8112.16421
Mozilla Firefox:
Possible switches:
processes:: | file:: | folder:: | Registry::
Driver:: | replace:: | DNS:: | Command::
attrib:: | txt:: | Host:: | NsLook::
list:: | IP:: | ADS:: | Kill::
Script: 18:36:19
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Registry modification completed
¤
Deleted: C:\Users\roro\AppData\Roaming\chrtmp
Not Deleted: C:\Users\roro\AppData\Local\http_www.flickr.com_0
Deleted: C:\Users\roro\AppData\Local\Databases.db
¤
Deleted: C:\Users\roro\AppData\Local\http_www.flickr.com_0
Deleted: C:\ProgramData\Spybot - Search & Destroy
Deleted: C:\Program Files\Conduit
Deleted: C:\Program Files\Spybot - Search & Destroy
Deleted: C:\Program Files\Windows Searchqu Toolbar
¤
End: 18:36:22
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
▶ Download here: USBFIX, to your desktop.
Plug in all your USB peripherals without opening them.
/!\ Only while using USBFIX, temporarily disable the real-time protection of your antivirus and antispyware, which can significantly interfere with the tool's scanning and cleaning procedure.
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."
on the UsbFix icon located on your Desktop.
On the page, click on the button:
▶ Choose the Deletion option.
▶ UsbFix will scan your PC; let the tool work.
▶ Then post the UsbFix.txt report that will appear on the desktop.
▶ Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
############################## | UsbFix V 7.061 | [Removal]
User: roro (Administrator) # RORO-PC
Updated on 05/10/2011 by El Desaparecido
Launched at 17:53:19 | 11/10/2011
Website: https://www.sosvirus.net/
Suspect file? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
PC: MSI (MS-7309) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ (2210)
RAM -> [ Total : 2047 | Free : 1193 ]
BIOS: Default System BIOS
BOOT: Normal boot
OS: Microsoft Windows 7 Home Premium Edition (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Microsoft Security Essentials [ (!) Disabled | Updated ]
FW: Windows FireWall Service [ Enabled ]
C:\ (%systemdrive%) -> Hard Drive # 233 GB (155 GB free - 67%) [] # NTFS
D:\ -> CD-ROM
################## | Active Processes |
C:\Windows\system32\csrss.exe (420)
C:\Windows\system32\wininit.exe (472)
C:\Windows\system32\csrss.exe (488)
C:\Windows\system32\services.exe (528)
C:\Windows\system32\lsass.exe (552)
C:\Windows\system32\lsm.exe (560)
C:\Windows\system32\winlogon.exe (620)
C:\Windows\system32\svchost.exe (704)
C:\Windows\system32\svchost.exe (804)
C:\Windows\System32\svchost.exe (980)
C:\Windows\System32\svchost.exe (1016)
C:\Windows\system32\svchost.exe (1048)
C:\Windows\system32\svchost.exe (1200)
C:\Windows\system32\svchost.exe (1360)
C:\Windows\system32\svchost.exe (1660)
C:\Windows\System32\svchost.exe (1776)
C:\Windows\system32\svchost.exe (1816)
C:\Windows\System32\svchost.exe (1912)
C:\Windows\system32\svchost.exe (2576)
C:\Windows\system32\Dwm.exe (1248)
C:\Windows\System32\svchost.exe (896)
C:\Windows\system32\wbem\wmiprvse.exe (4676)
C:\Windows\system32\WUDFHost.exe (2416)
C:\Windows\System32\rundll32.exe (3852)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5016)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (5884)
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (484)
C:\Windows\system32\SearchIndexer.exe (5708)
C:\Windows\System32\spoolsv.exe (3680)
C:\Program Files\Internet Explorer\iexplore.exe (5124)
C:\Windows\Explorer.exe (5736)
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (4544)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (4604)
C:\Program Files\Internet Explorer\iexplore.exe (2848)
C:\UsbFix\Go.exe (6096)
C:\Windows\system32\wbem\wmiprvse.exe (2268)
################## | Stopped Processes |
Stopped! C:\Windows\system32\WUDFHost.exe (2416)
Stopped! C:\Windows\System32\rundll32.exe (3852)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5016)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (5884)
Stopped! c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (484)
Stopped! C:\Windows\system32\SearchIndexer.exe (5708)
Stopped! C:\Windows\System32\spoolsv.exe (3680)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (5124)
Stopped! C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (4544)
Stopped! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (4604)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (2848)
################## | Infectious Items |
Deleted! C:\$RECYCLE.BIN\S-1-5-21-1913976771-3513930833-1953101718-1001
(!) Temporary files deleted.
################## | Registry |
################## | Mountpoints2 |
################## | Listing |
[11/10/2011 - 17:53:46 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
[11/10/2011 - 17:48:46 | RASHD ] C:\Autorun.inf
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[17/09/2011 - 14:04:38 | D ] C:\CreeperTools
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[11/10/2011 - 16:51:21 | ASH | 1610162176] C:\hiberfil.sys
[10/10/2011 - 18:57:45 | D ] C:\Kill'em
[11/10/2011 - 16:51:23 | ASH | 2146885632] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[10/10/2011 - 18:36:22 | D ] C:\Program Files
[10/10/2011 - 18:36:21 | HD ] C:\ProgramData
[07/09/2011 - 12:54:27 | SHD ] C:\Recovery
[08/10/2011 - 20:26:39 | SHD ] C:\System Volume Information
[11/10/2011 - 17:53:46 | D ] C:\UsbFix
[11/10/2011 - 17:53:32 | A | 4451] C:\UsbFix.txt
[11/10/2011 - 17:48:49 | N | 3796] C:\UsbFix_Upload_Me_RORO-PC.zip
[30/05/2011 - 17:33:14 | D ] C:\Users
[05/08/2011 - 12:02:57 | D ] C:\Valve
[05/10/2011 - 14:10:27 | D ] C:\Windows
################## | Vaccine |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_RORO-PC.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.
################## | E.O.F |
Download here: OTL
▶ Save it on your Desktop.
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."
on OTL.exe to launch it.
▶ Click here to see the Configuration
▶ Copy and paste the following bold content into the lower part of OTL, "Customization":
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
▶ Click on Analyze.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (generally C:\Documents and settings\your_username\OTL.txt).
▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)
To send it to me, click on this link: http://www.cijoint.fr/
▶ Click on Browse and find the file mentioned above.
▶ Click on Open.
▶ Click on "Click here to upload the file".
Just next to the button, at the end of the file upload, a link of this form will appear:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copy this link into your reply.
▶▶ Do the same with the "Extra.txt", which should also be on your desktop.
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_development_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤-
OTL Extras logfile created on: 12/10/2011 13:46:41 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\roro\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.50% Memory free
4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 155.09 Gb Free Space | 66.62% Space Free | Partition Type: NTFS
Computer Name: RORO-PC | User Name: roro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- C:\Windows\explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor débarquement allié
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = MOH Débarquement allié En Formation Patch 2.15
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client FR-FR Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 -
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}" = Photo Notifier and Animation Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72604C30-CBD2-4917-9AB5-4274747F3269}_is1" = CreeperTools version 0.2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7914BE1E-F186-4790-B8F4-9F63C52A41C1}" = Medal of Honor Allied Assault(tm) In Training
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}" = Medal of Honor Allied Assault(tm) The Offensive
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - French
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver: 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B91E4360-298A-4306-9E95-9AD91A0952A1}" = FPS Creator
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}" = Medal of Honor Allied Assault In Training
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{DF9046D6-5F1F-40B6-9782-3DC2D902D391}" = Medal of Honor Allied Assault(tm) The Offensive v2.40 Patch
"{E1019541-10A2-464F-A23E-A4F23DA65160}" = Mumble 1.2.3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Black Prophecy_is1" = Black Prophecy
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"GameSpy Arcade" = GameSpy Arcade
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_Francais_2 Toolbar" = IncrediMail MediaBar French 2 Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Microsoft .NET Framework 4 Client Profile FRA Language Module
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 1220" = RedOrchestra SDK Beta
"Steam App 1230" = Mare Nostrum
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 1290" = Darkest Hour Server
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Usbfix" = UsbFix By El Desaparecido
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR 4.01 (32-bit)
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Application Detection
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 06/10/2011 15:12:30 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 07:18:50 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 07:20:31 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 07:22:13 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 07:23:38 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 07:25:20 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 07:27:24 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 07/10/2011 14:26:05 | Computer Name = roro-PC | Source = SideBySide | ID = 16842824
Description = The activation context creation failed for "c:\program files\microsoft
security client\MSESysprep.dll". Error in the manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" at line 10. The element < imaging > appears as a child of the element urn:schemas-microsoft-com:asm.v1^assembly;
this situation is not supported by this version of Windows.
Error - 09/10/2011 07:36:47 | Computer Name = roro-PC | Source = SideBySide | ID = 16842824
Description = The activation context creation failed for "c:\program files\microsoft
security client\MSESysprep.dll". Error in the manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" at line 10. The element < imaging > appears as a child of the element urn:schemas-microsoft-com:asm.v1^assembly;
this situation is not supported by this version of Windows.
Error - 10/10/2011 11:20:26 | Computer Name = roro-PC | Source = Application Error | ID = 1000
Description = Faulting application name ImApp.exe, version: 6.2.9.5079,
timestamp: 0x4e5d1935 Faulting module name: unknown, version: 0.0.0.0, timestamp
: 0x00000000 Exception code: 0xc0000005 Offset: 0x005c0061 Faulting process ID: 0xd38 Time of faulting application start: 0x01cc8760100da690
Faulting application path: C:\Program Files\IncrediMail\Bin\ImApp.exe
Faulting module path: unknown Report ID: 60aa2790-f353-11e0-90f7-001d92292217
[ System Events ]
Error - 10/10/2011 14:52:28 | Computer Name = roro-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service has stopped with the specific service error
%%-2147467262.
Error - 10/10/2011 14:52:41 | Computer Name = roro-PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 10/10/2011 15:02:46 | Computer Name = roro-PC | Source = Microsoft Antimalware | ID = 3002
Description = The real-time protection feature %%860 encountered an
error and has stopped. Feature: %%886 Error code: 0x800705b4 Error
description: This operation ended because the timeout period expired. Reason:
%%858
Error - 11/10/2011 01:08:33 | Computer Name = roro-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some power management features related to
processor performance have been disabled due to a known issue with
the firmware. Contact the computer manufacturer for the firmware update.
Error - 11/10/2011 01:08:47 | Computer Name = roro-PC | Source = Service Control Manager | ID = 7000
Description = The Intel AGP Bus Filter service failed to start due to the error: %%1058
Error - 11/10/2011 01:08:54 | Computer Name = roro-PC | Source = Microsoft Antimalware | ID = 3002
Description = The real-time protection feature %%860 encountered an
error and has stopped. Feature: %%886 Error code: 0x800705b4 Error
description: This operation ended because the timeout period expired. Reason:
%%892
Error - 11/10/2011 01:09:11 | Computer Name = roro-PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 11/10/2011 01:09:12 | Computer Name = roro-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service has stopped with the specific service error
%%-2147467262.
Error - 11/10/2011 01:10:51 | Computer Name = roro-PC | Source = WMPNetworkSvc | ID = 866292
Description =
Error - 11/10/2011 10:51:20 | Computer Name = roro-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some power management features related to
processor performance have been disabled due to a known issue with
the firmware. Contact the computer manufacturer for the firmware update.
< End of report >
OTL logfile created on: 12/10/2011 13:46:41 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\roro\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,50% Memory free
4,00 Gb Paging File | 3,02 Gb Available in Paging File | 75,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 155,09 Gb Free Space | 66,62% Space Free | Partition Type: NTFS
Computer Name: RORO-PC | User Name: roro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/10/12 13:46:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\roro\Downloads\OTL.exe
PRC - [2011/07/26 15:53:06 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/16 17:04:04 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2011/09/29 14:30:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/23 13:04:10 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
SRV - [2011/06/20 17:58:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/10/12 13:43:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CC7FFBD-4931-476A-A12B-9600DED6ED50}\MpKsl4fcea588.sys -- (MpKsl4fcea588)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/01/17 01:53:00 | 010,480,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/12 09:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/04/09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.bing.com/spresults.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
IE - HKLM\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.msn.com/fr-fr?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 68 47 1B E0 1E CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IncrediMail MediaBar Francais 2 Toolbar) - {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Francais 2 Toolbar) - {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\roro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} https://fr.permissionresearch.com/Config/packages/pr/prsetup.cab (Setup Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}: DhcpNameServer = 212.27.40.240 212.27.40.241
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/11 17:54:48 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found -
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Contrôleur de disquette standard
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Clavier
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Souris
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Réseau
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - ClientRéseau
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - ServiceRéseau
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - TransRéseau
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - Adaptateurs PCMCIA
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - Adaptateur SCSI
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - Système
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Unité de disquette
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Lecteurs de carte intelligente
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Copie desombres de volume
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - Contrôleurs hôtes de bus IEEE 1394
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Périphériques d'interface humaine
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - Dispositifs SBP2 IEEE 1394
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - Dispositifs de sécurité
========== Fichiers/Dossiers - Créés dans les 30 derniers jours ==========
[2011/10/11 17:54:48 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/10/11 17:45:23 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/10/09 18:10:38 | 000,000,000 | ---D | C] -- C:\Kill'em
[2011/10/03 08:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\mirware avec FreeAngel
[2011/10/02 16:00:30 | 000,000,000 | ---D | C] -- C:\Users\roro\AppData\Roaming\Mozilla
[2011/10/02 14:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamigo
[2011/10/02 14:29:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/10/02 14:29:53 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/10/02 14:29:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/10/02 14:29:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/10/02 14:29:52 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/10/02 14:29:52 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/10/02 14:29:52 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/10/02 14:29:52 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/10/02 14:29:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/10/02 14:29:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/10/02 14:29:51 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/10/02 14:29:51 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/10/02 14:29:50 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/10/02 14:29:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/10/02 14:29:50 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/10/02 14:29:50 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/10/02 14:29:50 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/10/02 14:29:49 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/10/02 14:29:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/10/02 14:29:49 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/10/02 14:29:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/10/02 14:29:49 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/10/02 14:29:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/10/02 14:29:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/10/02 14:29:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/10/02 14:29:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/10/02 14:29:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/10/02 14:29:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/10/02 14:29:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/10/02 14:29:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/10/02 14:29:46 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/10/02 14:29:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/10/02 14:29:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/10/02 14:29:46 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/10/02 14:29:45 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/10/02 14:29:45 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/10/02 14:29:45 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/10/02 14:29:44 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/10/02 14:29:44 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/10/02 14:29:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/10/02 14:29:44 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/10/02 14:29:43 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/10/02 14:29:43 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/10/02 14:29:43 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/10/02 14:29:43 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/10/02 14:29:43 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/10/02 14:29:43 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/10/02 14:29:42 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/10/02 14:29:42 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/10/02 14:29:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/10/02 14:29:42 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/10/02 14:29:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/10/02 14:29:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/10/02 14:29:40 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/10/02 14:29:40 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/10/02 14:29:40 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/10/02 14:29:40 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/10/02 14:29:40 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/10/02 14:29:39 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/10/02 14:29:39 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/10/02 14:29:39 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/10/02 14:29:38 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/10/02 14:29:38 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/10/02 14:29:33 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/10/02 14:29:33 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/10/02 14:29:33 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/10/02 14:29:33 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/10/02 14:29:32 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/10/02 14:29:32 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/10/02 14:29:31 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/10/02 14:29:31 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/10/02 14:29:31 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/10/02 14:16:41 | 000,000,000 | ---D | C] -- C:\Users\roro\AppData\Local\reakktor
[2011/10/02 14:11:29 | 000,000,000 | ---D | C] -- C:\Users\roro\Documents\Reakktor Media
[2011/10/02 13:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Gamigo
[2011/09/29 14:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2011/09/29 14:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2011/09/29 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\roro\AppData\Local\Conduit
[2011/09/29 14:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_Francais_2
========== Fichiers - Modifiés dans les 30 derniers jours ==========
[2011/10/12 13:50:56 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 13:50:56 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 13:50:42 | 000,747,368 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/10/12 13:50:42 | 000,654,250 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/12 13:50:42 | 000,149,786 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/10/12 13:50:42 | 000,122,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 13:44:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 13:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 13:43:40 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/11 21:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/11 17:54:49 | 000,003,383 | ---- | M] () -- C:\UsbFix_Upload_Me_RORO-PC.zip
[2011/10/09 18:17:33 | 000,000,922 | ---- | M] () -- C:\Users\roro\Desktop\Internet Explorer.lnk
[2011/10/08 14:13:34 | 000,360,811 | ---- | M] () -- C:\Users\roro\Desktop\Pre_Script.exe
[2011/10/02 14:46:26 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Launch Black Prophecy .lnk
[2011/10/02 14:46:26 | 000,000,142 | ---- | M] () -- C:\Users\Public\Desktop\Register for Black Prophecy .url
[2011/10/01 10:00:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/29 14:31:48 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Wallpapers by IncrediMail.lnk
[2011/09/29 14:31:48 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Augmentez la vitesse de votre ordinateur !.lnk
[2011/09/29 14:31:48 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2011/09/29 14:31:48 | 000,001,975 | ---- | M] () -- C:\Users\roro\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
[2011/09/24 16:17:03 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2011/09/21 15:49:20 | 000,000,840 | ---- | M] () -- C:\Users\roro\Desktop\Poême
[2011/09/14 15:08:40 | 000,006,877 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIUtils.class
[2011/09/14 15:08:40 | 000,005,762 | ---- | M] () -- C:\Users\roro\AppData\Roaming\em.class
[2011/09/14 15:08:40 | 000,005,737 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIConfig.class
[2011/09/14 15:08:40 | 000,004,712 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIController.class
[2011/09/14 15:08:40 | 000,003,974 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIView.class
[2011/09/14 15:08:40 | 000,003,031 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgCanvas.class
[2011/09/14 15:08:40 | 000,002,876 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMICompatibility.class
[2011/09/14 15:08:40 | 000,002,262 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgItemPanel.class
[2011/09/14 15:08:40 | 000,001,093 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgButton.class
[2011/09/14 15:08:40 | 000,001,059 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgWidget.class
[2011/09/14 15:08:40 | 000,000,812 | ---- | M] () -- C:\Users\roro\AppData\Roaming\mod_TooManyItems.class
[2011/09/14 15:08:40 | 000,000,564 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgZOrder.class
[2011/09/14 15:08:40 | 000,000,371 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIStateButtonData.class
[2011/09/14 15:08:40 | 000,000,169 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgButtonHandler.class
[2011/09/14 15:08:40 | 000,000,150 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgItemHandler.class
========== Fichiers créés - Pas de nom de société ==========
[2011/10/11 17:48:49 | 000,003,383 | ---- | C] () -- C:\UsbFix_Upload_Me_RORO-PC.zip
[2011/10/02 14:46:26 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\Launch Black Prophecy .lnk
[2011/10/02 14:46:26 | 000,000,142 | ---- | C] () -- C:\Users\Public\Desktop\Register for Black Prophecy .url
[2011/09/21 15:49:20 | 000,000,840 | ---- | C] () -- C:\Users\roro\Desktop\Poême
[2011/09/17 14:30:18 | 000,006,877 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIUtils.class
[2011/09/17 14:30:18 | 000,005,762 | ---- | C] () -- C:\Users\roro\AppData\Roaming\em.class
[2011/09/17 14:30:18 | 000,005,737 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIConfig.class
[2011/09/17 14:30:18 | 000,004,712 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIController.class
[2011/09/17 14:30:18 | 000,003,974 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIView.class
[2011/09/17 14:30:18 | 000,003,031 | ---- | C] () -- C:\Users\roro\AppData\Roaming\_tmi_MgCanvas.class
[2011/09/17 14:30:18 | 000,002,876 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMICompatibility.class
[2011/09/17 14:30:18 | 000,002,262 | ---- | C] () -- C:\Users\roro\AppData\Roaming\_tmi_MgItemPanel.class
[2011/09/17 14:30:18 |
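The O6, O7, O20, O32 and O35 lines of the OTL log above are the ones a responder reads first: EnableLUA = 0 means UAC is switched off, ConsentPromptBehaviorAdmin = 0 means elevation happens silently, NoDriveTypeAutoRun = 0 leaves AutoRun enabled for every drive type, and an Autorun.inf with RHSD attributes sits in the root of C:. As an added example (not part of the thread, and not one of the helper's tools), the PowerShell script below reads those same values on a Windows 7 host and reports each one that differs from the hardened or default value. The registry paths are the ones printed in the log; the expected values (UAC on, Windows 7's default prompt behaviour of 5, 0xFF to disable AutoRun on all drive types, the stock explorer.exe / userinit.exe Winlogon entries and the `"%1" %*` exefile handler) are my assumptions about a clean machine, stated in the comments. Run it from an elevated prompt; it only reads.

```powershell
# Added example, not from the thread: read-only audit of the policy, Winlogon
# and file-association values that OTL lists as O6/O7/O20/O35 lines, plus the
# root Autorun.inf that the O32 line reports. Works on PowerShell 2.0 (Win7).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist (absent = default applies).
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch { return $null }
}

# Expected values are assumptions about a clean Windows 7 install (see lead-in).
$checks = @(
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';
       Name='EnableLUA'; Expected=1;
       Why='UAC is disabled, so every process in an admin session gets the full token' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';
       Name='ConsentPromptBehaviorAdmin'; Expected=5;
       Why='0 elevates silently without any prompt (Windows 7 default is 5)' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';
       Name='PromptOnSecureDesktop'; Expected=1;
       Why='elevation prompts are not isolated on the secure desktop' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';
       Name='NoDriveTypeAutoRun'; Expected=255;
       Why='AutoRun is still enabled for some drive types (0xFF disables it for all)' },
    @{ Path='HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer';
       Name='NoDriveTypeAutoRun'; Expected=255;
       Why='the per-user AutoRun policy also leaves AutoRun enabled' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name='Shell'; Expected='explorer.exe';
       Why='a non-default shell is started at logon' },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';
       Name='Userinit'; Expected="$env:SystemRoot\system32\userinit.exe,";
       Why='an extra program is started at every logon' },
    @{ Path='Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command';
       Name='(default)'; Expected='"%1" %*';
       Why='every .exe launch is routed through another program' }
)

function Test-HostHardening {
    param($Checks)
    $findings = @()
    foreach ($c in $Checks) {
        $actual = Get-RegValue -Path $c.Path -Name $c.Name
        if ($actual -eq $null) {
            # Informational only: a missing policy value means the OS default applies.
            $findings += "MISSING  $($c.Path)\$($c.Name)"
        } elseif ("$actual" -ne "$($c.Expected)") {
            # String compare is case-insensitive in PowerShell, which suits paths.
            $findings += "DIFFERS  $($c.Path)\$($c.Name) = $actual (expected $($c.Expected)): $($c.Why)"
        }
    }
    # Root Autorun.inf: the log shows one created minutes after UsbFix ran, with
    # attributes RHSD. A protected *folder* of that name is the vaccination that
    # USB clean-up tools leave behind; a *file* with those attributes is what an
    # autorun worm drops, so report which of the two it is.
    $inf = Join-Path $env:SystemDrive 'Autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $item = Get-Item -LiteralPath $inf -Force
        $kind = if ($item.PSIsContainer) { 'folder (likely vaccine)' } else { 'FILE - inspect' }
        $findings += "PRESENT  $inf is a $kind, attributes $($item.Attributes)"
    }
    return $findings
}

$result = Test-HostHardening -Checks $checks
if ($result.Count -eq 0) { Write-Output 'No deviations from the expected values.' }
else { $result | ForEach-Object { Write-Output $_ } }
```

On the machine in the log the script would report EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop and both NoDriveTypeAutoRun values as DIFFERS, and C:\Autorun.inf as a present folder; the Winlogon and exefile entries match the defaults. Fixing the flagged values is a separate, deliberate step (Group Policy or a documented .reg import), which is why the script only reads.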
It would be nice if you read my instructions to the end! ^^
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
WARNING!!!: Custom script for this machine only, do not reproduce!!
If you have XP => double click
If you have Vista or Windows 7 => right click "run as...."
on OTL.exe to launch it.
▶Copy the list that is in bold below,
▶ paste it in the area under "Customization":
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKLM\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} https://fr.permissionresearch.com/Config/packages/pr/prsetup.cab (Setup Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]
▶ Click on "Fix" to start the removal.
▶ Post the report, which should normally open by itself once the work is finished, after the restart.
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Tous les processus ont été tués
========== PROCESSUS ==========
Aucun processus actif nommé explorer.exe n'a été trouvé !
Processus iexplore.exe tué avec succès !
Aucun processus actif nommé firefox.exe n'a été trouvé !
Aucun processus actif nommé msnmsgr.exe n'a été trouvé !
Aucun processus actif nommé Teatimer.exe n'a été trouvé !
========== OTL ==========
Valeur de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{249d74a3-bd19-4657-b6ce-e62f480a20de} supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249d74a3-bd19-4657-b6ce-e62f480a20de}\ supprimée avec succès.
C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll déplacé avec succès.
Valeur de registre HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{249d74a3-bd19-4657-b6ce-e62f480a20de} supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249d74a3-bd19-4657-b6ce-e62f480a20de}\ non trouvée.
Fichier C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll non trouvé.
Début du retrait du contrôle ActiveX {2E4A92AB-F2C0-456A-9935-B715439790D7}
C:\Windows\Downloaded Program Files\prsetup.inf déplacé avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ non trouvée.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ non trouvée.
Début du retrait du contrôle ActiveX {8AD9C840-044E-11D1-B3E9-00805F499D93}
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ supprimée avec succès.
Clé de registre HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ non trouvée.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ non trouvée.
Début du retrait du contrôle ActiveX {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ supprimée avec succès.
Clé de registre HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ non trouvée.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ non trouvée.
Début du retrait du contrôle ActiveX {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ non trouvée.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ non trouvée.
========== COMMANDES ==========
[VIDE LA TEMP]
Utilisateur : Tous les utilisateurs
Utilisateur : Par défaut
->Dossier Temp vidé : 0 octets
->Dossier des fichiers Internet temporaires vidé : 0 octets
->Cache Flash vidé : 53632 octets
Utilisateur : Utilisateur par défaut
->Dossier Temp vidé : 0 octets
->Dossier des fichiers Internet temporaires vidé : 0 octets
->Cache Flash vidé : 0 octets
Utilisateur : Public
Utilisateur : roro
->Dossier Temp vidé : 27638863 octets
->Dossier des fichiers Internet temporaires vidé : 1573936099 octets
->Cache Java vidé : 300053 octets
->Cache Flash vidé : 54354 octets
Fichiers .tmp de %systemdrive% supprimés : 0 octets
Fichiers .tmp de %systemroot% supprimés : 0 octets
Fichiers .tmp de %systemroot%\System32 supprimés : 0 octets
Fichiers .tmp de %systemroot%\System32\drivers supprimés : 0 octets
Dossier Temp de Windows vidé : 40644 octets
Corbeille vidé : 156 octets
Total des fichiers nettoyés = 1 528,00 mo
OTL par OldTimer - Version 3.2.29.1 journal créé le 10122011_183401
Fichiers\Dossiers déplacés au redémarrage...
Entrées de registre supprimées au redémarrage...
Is it still in English in your start menu?
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Where exactly is it found?
in the first start menu when you open it?
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Right-click on Calculator => Properties, then copy and paste its path in your reply.
ex:
C:\users\..etc...
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
grrrrrr!!!!!!!!
▶ Download Dr Web CureIt to your Desktop:
▶ restart in safe mode
▶- Double click (right-click "as admin" under Vista) <drweb-cureit.exe> and then click <Scan>;
▶- Click <Ok> at the prompt for the quick scan. If it finds infected processes then click the <Yes> button.
Note: a window will open with options for "Order" or "50% off": Exit by clicking the "X".
▶- When the quick scan is finished, click on the <Options> menu then <Change configuration>; Choose the <Scanner> tab, and uncheck <Heuristic analysis>. Then click <Ok>.
▶- Back in the main window: click to enable <Full scan>
select all disks
▶- Click the button with the green arrow on the right, and the scan will start.
▶- Click <Yes> to all at the prompt "Disinfect?" when a file is detected, and then click "Disinfect".
▶- When the scan is complete, see if you can click on the icon adjacent to the detected files (several sheets stacked over each other). If yes, then click on it and then click on the <Next> icon below, and choose <Move the unwanted object to quarantine>.
▶- From the main menu of the tool, at the top left, click on the <File> menu and choose <Save report>. Save the report to your Desktop. It will be named DrWeb.csv
▶- For the report you saved on your desktop: right-click on it / Send to / Compressed (zipped) folder.
Then:
Send me the archive like this:
click on this link: http://www.cijoint.fr/
▶ Click on Browse and find the file above.
▶ Click on Open.
▶ Click on "Click here to drop the file".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link in your reply.
▶- Close Dr.Web Cureit
▶- Restart your computer (important because some files may be moved/fixed upon restart).
--
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤