int.search-results.com / searchqu.com


  • This topic is locked
50 replies to this topic

#1 felix.kong

  • Authentic Member
  • 26 posts

Posted 16 June 2011 - 01:59 AM

Under Google Chrome, when I type in the address bar, I either have searchqu.com or int.search-results.com as a search engine instead of Google.

Here is otl.txt


OTL logfile created on: 16/06/2011 16:07:30 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sheebalomma\Mes documents\Downloads
Windows XP Professional Edition Service Pack 3, v.5512 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

984,54 Mb Total Physical Memory | 216,12 Mb Available Physical Memory | 21,95% Memory free
2,31 Gb Paging File | 1,52 Gb Available in Paging File | 65,70% Paging File free
Paging file location(s): C:\pagefile.sys 1476 1476 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 44,00 Gb Free Space | 75,09% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 80,32 Gb Free Space | 46,08% Space Free | Partition Type: NTFS

Computer Name: MATRIX-F39662B4 | User Name: Sheebalomma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sheebalomma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Sheebalomma\Mes documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe ()
PRC - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files\VistaDriveIcon\DrvIcon.exe (artArmin)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sheebalomma\Mes documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (.nttcsec) -- File not found
SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)
DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (VMC33E) -- C:\WINDOWS\system32\drivers\VMC33E.sys (Vimicro Corporation)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.2.8
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:1.0
FF - prefs.js..keyword.URL: "http://www.searchqu....ystemid=406&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/14 21:43:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 13:44:57 | 000,000,000 | ---D | M]

[2011/05/23 01:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Extensions
[2011/05/23 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions
[2011/02/14 05:06:59 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2011/02/14 05:06:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/14 05:06:59 | 000,000,000 | ---D | M] (Secure Login) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions\secureLogin@blueimp.net
[2011/05/23 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (Secure Login) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\secureLogin@blueimp.net
[2006/09/10 13:35:08 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2006/06/04 20:56:02 | 000,001,055 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 13:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2008/03/29 15:59:44 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/05/24 20:38:27 | 000,499,335 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 rad.msn.com
O1 - Hosts: 127.0.0.1 rad.live.com
O1 - Hosts: 127.0.0.1 ads1.msn.com
O1 - Hosts: 127.0.0.1 adfarm.mediaplex.com
O1 - Hosts: 127.0.0.1 101com.com
O1 - Hosts: 127.0.0.1 101order.com
O1 - Hosts: 127.0.0.1 103bees.com
O1 - Hosts: 127.0.0.1 1100i.com
O1 - Hosts: 127.0.0.1 123banners.com
O1 - Hosts: 127.0.0.1 123found.com
O1 - Hosts: 127.0.0.1 123pagerank.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 207.net
O1 - Hosts: 127.0.0.1 247media.com
O1 - Hosts: 127.0.0.1 247realmedia.com
O1 - Hosts: 127.0.0.1 24pm-affiliation.com
O1 - Hosts: 127.0.0.1 2log.com
O1 - Hosts: 127.0.0.1 2mdn.net
O1 - Hosts: 127.0.0.1 2o7.net
O1 - Hosts: 127.0.0.1 4affiliate.net
O1 - Hosts: 127.0.0.1 4d5.net
O1 - Hosts: 127.0.0.1 50websads.com
O1 - Hosts: 17297 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Sheebalomma\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {2AC2402F-9F57-45E4-9B0D-F2F42F97D426} http://www.playholde...ctivex/GNax.cab (GameNateAx Class)
O16 - DPF: {646232F1-8C70-4806-9499-BA01A59FDA74} http://www.giro.or.k...ab/yessign7.cab (Reg Error: Key error.)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://www.giro.or.k...Pro3026_32k.cab (XecureCKKB Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {EE2D0084-BF23-4186-96CC-6FB778C1F978} http://hosting.gabia...GabiaWebFTP.cab (GabiaWebFTP Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\AeroStream.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\AeroStream.bmp
O27 - HKLM IFEO\keygen.exe: Debugger - StripMyRights.exe /D /L N (Systemintegrasjon AS)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/13 22:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/07 03:52:37 | 000,000,086 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{dd09b8ca-37b5-11e0-b92a-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008/04/13 19:34:30 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 17:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/09 17:37:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sheebalomma\Recent
[2011/06/09 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
[2011/06/09 13:11:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/08 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\NPKI
[2011/06/08 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\BOBBY
[2011/06/07 04:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\usb
[2011/05/28 04:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\banners1
[2011/05/25 16:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\Voyages
[2011/05/24 23:02:02 | 000,000,000 | ---D | C] -- C:\show125
[2011/05/24 20:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy
[2011/05/24 20:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/24 20:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/24 19:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PackageAware
[2011/05/23 04:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Menu Démarrer\Programmes\Google Chrome
[2011/05/23 04:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Application Data\Malwarebytes
[2011/05/23 04:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/22 21:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Local Settings\Application Data\PackageAware
[2011/05/17 23:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

========== Files - Modified Within 30 Days ==========

[2011/06/16 14:13:21 | 000,000,203 | -HS- | M] () -- C:\boot.ini
[2011/06/16 14:12:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 17:40:01 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/14 17:48:57 | 000,864,411 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\forfaitsindividuels.psd
[2011/06/09 16:35:55 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 06:39:57 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-616249376-1417001333-1002Core1cc265f48d6547a.job
[2011/06/07 16:26:41 | 000,002,761 | ---- | M] () -- C:\header.php
[2011/06/06 06:23:49 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/06/01 23:48:55 | 000,010,223 | ---- | M] () -- C:\swfobject.js
[2011/05/30 12:32:11 | 000,063,005 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\2727613.jpg
[2011/05/30 12:20:11 | 000,093,097 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\artwildx.jpg
[2011/05/30 12:13:30 | 000,153,851 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\3695446360_20090707111658_6767915313.jpg
[2011/05/30 11:57:57 | 001,758,735 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\12859880.psd
[2011/05/28 04:49:43 | 001,011,605 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\choomsarang_378_1200.psd
[2011/05/24 20:38:27 | 000,499,335 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/23 04:36:16 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/23 04:20:20 | 000,001,398 | ---- | M] () -- C:\WINDOWS\WININIT.INI

========== Files Created - No Company Name ==========

[2011/06/15 18:03:35 | 000,001,954 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
[2011/06/15 18:03:35 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
[2011/06/14 17:48:55 | 000,864,411 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\forfaitsindividuels.psd
[2011/06/09 06:39:57 | 000,001,120 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-616249376-1417001333-1002Core1cc265f48d6547a.job
[2011/06/02 00:49:15 | 000,002,761 | ---- | C] () -- C:\header.php
[2011/06/01 23:48:55 | 000,010,223 | ---- | C] () -- C:\swfobject.js
[2011/05/30 12:32:13 | 000,063,005 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\2727613.jpg
[2011/05/30 12:20:13 | 000,093,097 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\artwildx.jpg
[2011/05/30 12:13:37 | 000,153,851 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\3695446360_20090707111658_6767915313.jpg
[2011/05/30 11:57:57 | 001,758,735 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\12859880.psd
[2011/05/28 04:49:41 | 001,011,605 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\choomsarang_378_1200.psd
[2011/05/23 04:36:16 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/27 00:56:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/02/19 21:16:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/14 05:07:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/13 23:18:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/13 23:17:41 | 000,035,840 | ---- | C] () -- C:\WINDOWS\NOTEPAD.EXE
[2011/02/13 23:16:45 | 000,239,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/13 23:01:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/02/13 22:57:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2011/02/13 22:35:28 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2011/02/13 22:35:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/02/13 22:34:08 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/02/13 22:34:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2011/02/13 22:34:06 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/02/13 22:27:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 22:23:34 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/13 22:22:12 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\iColorFolder.exe
[2011/02/13 22:22:12 | 000,283,294 | ---- | C] () -- C:\WINDOWS\System32\iColorFolder.dll
[2009/03/24 10:52:22 | 000,043,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2009/03/24 10:52:20 | 000,025,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2009/03/24 10:52:18 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2008/08/22 06:44:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/22 06:44:42 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/22 06:44:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/22 06:44:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/22 06:44:42 | 000,562,682 | ---- | C] () -- C:\WINDOWS\System32\mkisofs.exe
[2008/08/22 06:44:42 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\lame.exe
[2008/08/22 06:44:42 | 000,464,712 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/08/22 06:44:42 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/22 06:44:42 | 000,453,800 | ---- | C] () -- C:\WINDOWS\System32\cdrecord.exe
[2008/08/22 06:44:42 | 000,398,494 | ---- | C] () -- C:\WINDOWS\System32\moricons2.dll
[2008/08/22 06:44:42 | 000,397,758 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/22 06:44:42 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/08/22 06:44:42 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\wget.exe
[2008/08/22 06:44:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/22 06:44:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/22 06:44:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/08/22 06:44:42 | 000,205,312 | ---- | C] () -- C:\WINDOWS\System32\helpctr.exe
[2008/08/22 06:44:42 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\UnRAR.exe
[2008/08/22 06:44:42 | 000,184,370 | ---- | C] () -- C:\WINDOWS\System32\macshift.exe
[2008/08/22 06:44:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/22 06:44:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\uni2ansi.exe
[2008/08/22 06:44:42 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/08/22 06:44:42 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\reschange.exe
[2008/08/22 06:44:42 | 000,146,232 | ---- | C] () -- C:\WINDOWS\System32\movefile.exe
[2008/08/22 06:44:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\psicon.dll
[2008/08/22 06:44:42 | 000,110,085 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2008/08/22 06:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\System32\qgrep.exe
[2008/08/22 06:44:42 | 000,073,218 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/08/22 06:44:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\mv.exe
[2008/08/22 06:44:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ln.exe
[2008/08/22 06:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\diff.exe
[2008/08/22 06:44:42 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\csplit.exe
[2008/08/22 06:44:42 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\StripReloc.exe
[2008/08/22 06:44:42 | 000,059,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/22 06:44:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/08/22 06:44:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\patch.exe
[2008/08/22 06:44:42 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\indent.exe
[2008/08/22 06:44:42 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ls.exe
[2008/08/22 06:44:42 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\GoRC.exe
[2008/08/22 06:44:42 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\xcacls.exe
[2008/08/22 06:44:42 | 000,049,236 | ---- | C] () -- C:\WINDOWS\System32\fat32format.exe
[2008/08/22 06:44:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/22 06:44:42 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\touch.exe
[2008/08/22 06:44:42 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe
[2008/08/22 06:44:42 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\tail.exe
[2008/08/22 06:44:42 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/08/22 06:44:42 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[2008/08/22 06:44:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\chknic.exe
[2008/08/22 06:44:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/22 06:44:42 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\md5sum.exe
[2008/08/22 06:44:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\diruse.exe
[2008/08/22 06:44:42 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\head.exe
[2008/08/22 06:44:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\split.exe
[2008/08/22 06:44:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\mvdir.exe
[2008/08/22 06:44:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\sdiff.exe
[2008/08/22 06:44:42 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\deltree.exe
[2008/08/22 06:44:42 | 000,016,852 | ---- | C] () -- C:\WINDOWS\System32\cat.exe
[2008/08/22 06:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\showacls.exe
[2008/08/22 06:44:42 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\setx.exe
[2008/08/22 06:44:42 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\cmp.exe
[2008/08/22 06:44:42 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\mcast.exe
[2008/08/22 06:44:42 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\depends.dll
[2008/08/22 06:44:42 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2008/08/22 06:44:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\pclip.exe
[2008/08/22 06:44:42 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\ifmember.exe
[2008/08/22 06:44:42 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\permcopy.exe
[2008/08/22 06:44:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/22 06:44:42 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/22 06:44:42 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pwd.exe
[2008/08/22 06:44:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/08/22 06:44:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\winver.exe
[2008/08/22 06:44:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/14 20:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLAN
[2011/02/14 21:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/21 01:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheebalomma\Application Data\AhnLab
[2011/02/20 02:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheebalomma\Application Data\freeTVRadio
[2011/02/14 19:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheebalomma\Application Data\Notepad++
[2011/02/16 18:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheebalomma\Application Data\OpenOffice.org
[2011/06/14 20:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheebalomma\Application Data\uTorrent
[2011/06/14 13:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sheebalomma\Application Data\XnView

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/03/17 04:20:16 | 000,234,869 | ---- | M] () -- C:\06.jpg
[2011/03/17 04:31:38 | 000,277,382 | ---- | M] () -- C:\07.jpg
[2011/02/13 22:25:49 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/16 14:13:21 | 000,000,203 | -HS- | M] () -- C:\boot.ini
[2008/08/22 06:44:42 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2011/02/13 22:25:49 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/16 21:51:29 | 000,020,791 | ---- | M] () -- C:\documentation.txt
[2011/06/07 16:26:41 | 000,002,761 | ---- | M] () -- C:\header.php
[2011/02/13 22:25:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/13 22:25:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/08/22 06:44:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/22 06:44:42 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2011/06/16 14:12:11 | 1547,698,176 | -HS- | M] () -- C:\pagefile.sys
[2011/06/01 23:48:55 | 000,010,223 | ---- | M] () -- C:\swfobject.js
[2011/03/10 22:12:24 | 000,035,568 | ---- | M] () -- C:\Taejongdae.phare.JPG

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/02/13 22:25:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/06/07 03:58:17 | 000,001,818 | -H-- | M] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/02/13 23:16:10 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/02/13 23:16:10 | 001,048,576 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/02/13 23:16:10 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/07/21 20:18:26 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2011/02/14 05:00:12 | 000,000,054 | -HS- | M] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2011/05/26 21:47:52 | 000,158,520 | ---- | C] ()(C:\Documents and Settings\Sheebalomma\Bureau\????????.jpg) -- C:\Documents and Settings\Sheebalomma\Bureau\땅끝대한민국지형.jpg
[2011/05/26 21:47:39 | 000,158,520 | ---- | M] ()(C:\Documents and Settings\Sheebalomma\Bureau\????????.jpg) -- C:\Documents and Settings\Sheebalomma\Bureau\땅끝대한민국지형.jpg

< End of report >



#2 felix.kong (Authentic Member, 26 posts)

Posted 16 June 2011 - 02:01 AM

Here is the extras.txt


OTL Extras logfile created on: 16/06/2011 16:07:30 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sheebalomma\Mes documents\Downloads
Windows XP Professional Edition Service Pack 3, v.5512 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

984,54 Mb Total Physical Memory | 216,12 Mb Available Physical Memory | 21,95% Memory free
2,31 Gb Paging File | 1,52 Gb Available in Paging File | 65,70% Paging File free
Paging file location(s): C:\pagefile.sys 1476 1476 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 44,00 Gb Free Space | 75,09% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 80,32 Gb Free Space | 46,08% Space Free | Partition Type: NTFS

Computer Name: MATRIX-F39662B4 | User Name: Sheebalomma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [open] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [a-openew] -- explorer.exe "%1" (Microsoft Corporation)
Directory [c-cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Parcourir avec XnView] -- "D:\XnView-win\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\DBGO\DBGO.exe" = C:\Program Files\DBGO\DBGO.exe:*:Enabled:DBGO2 -- (http://www.dbgo.com)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Sheebalomma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Sheebalomma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome -- (Google Inc.)
"C:\Program Files\DBGO\DBGO.exe" = C:\Program Files\DBGO\DBGO.exe:*:Enabled:DBGO2 -- (http://www.dbgo.com)
"C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe" = C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe:*:Enabled:DTX broker


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{71A51BC5-E7D3-11DB-A386-005056C00008}" = WebCam SCB-0320N
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8C8F3113-62C1-4EB9-B5F5-AEBA47FDC1D4}" = WOW XT and TSXT Filter Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.4 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AhnLab Online Security" = AhnLab Online Security
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"CCleaner" = CCleaner
"DBGO" = DBGO
"GOM Player" = GOM Player
"GomTV Launcher Plugin" = GOMTV Plug-in
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"PokerStars.fr" = PokerStars.fr
"RocketDock_is1" = RocketDock
"SumatraPDF" = Sumatra PDF Reader
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WHosts" = Windows Trust Anti-Pub
"WinRAR archiver" = WinRAR
"WORD" = Microsoft Office Word 2007
"WTIS" = Windows Trust Installer
"WVistaDriveIcon" = VistaDriveIcon
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/06/2011 22:23:51 | Computer Name = MATRIX-F39662B4 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 06/06/2011 22:23:51 | Computer Name = MATRIX-F39662B4 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 07/06/2011 13:11:38 | Computer Name = MATRIX-F39662B4 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 07/06/2011 13:11:39 | Computer Name = MATRIX-F39662B4 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 08/06/2011 04:49:48 | Computer Name = MATRIX-F39662B4 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 08/06/2011 04:49:48 | Computer Name = MATRIX-F39662B4 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 08/06/2011 07:10:12 | Computer Name = MATRIX-F39662B4 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 08/06/2011 07:10:12 | Computer Name = MATRIX-F39662B4 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 08/06/2011 11:21:10 | Computer Name = MATRIX-F39662B4 | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 08/06/2011 11:21:10 | Computer Name = MATRIX-F39662B4 | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 15/06/2011 11:40:39 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/06/2011 11:41:43 | Computer Name = MATRIX-F39662B4 | Source = Service Control Manager | ID = 7001
Description = Le service Notification d'événement système dépend du service Système
d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 15/06/2011 12:04:08 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/06/2011 12:05:16 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/06/2011 12:06:05 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/06/2011 12:06:31 | Computer Name = MATRIX-F39662B4 | Source = Service Control Manager | ID = 7001
Description = Le service Notification d'événement système dépend du service Système
d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 15/06/2011 12:51:09 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/06/2011 08:12:54 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/06/2011 08:13:12 | Computer Name = MATRIX-F39662B4 | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1058" lors de la mise en route du service EventSystem
avec les arguments "" pour démarrer le serveur : {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 16/06/2011 08:14:04 | Computer Name = MATRIX-F39662B4 | Source = Service Control Manager | ID = 7001
Description = Le service Notification d'événement système dépend du service Système
d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur : %%1058


< End of report >

Thanks in advance for your help

#3 Satchfan (SuperHelper, Malware Team, 6,813 posts)

Posted 16 June 2011 - 07:09 AM

Hello felix.kong and welcome to the WTT forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
• Please follow all instructions in the order posted
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• If you don't understand something, please don't hesitate to ask for clarification before proceeding
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#4 Satchfan (SuperHelper, Malware Team, 6,813 posts)

Posted 16 June 2011 - 07:52 AM

Hello again felix.kong

Please disable this program and leave it disabled until we are finished.

SPYBOT TEATIMER
• Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
• On the left hand side, click on Tools, then click on the Resident Icon in the list.
Uncheck the Resident TeaTimer (Protection of overall system settings) active box.
• Click on the System Startup icon in the List
Uncheck the "TeaTimer" box and click OK at any prompts.
• If Teatimer gives you a warning that changes were made, click Allow Change when prompted.
• Exit Spybot S&D.
(When we are finished, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup).

===================================================

P2P - I see you have P2P software, (uTorrent), installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infection. If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

OK, let’s get rid of this mess.
• Hold down the Windows key and press R to open a run box
• type the following text into the run box

appwiz.cpl

• This will open your Programs And Features
• A list of installed programs will appear
• Remove the following programs if they are there:

Searchqu 406 MediaBar
SaveVid Plug-in

===================================================

Run OTL

  • Double click on the icon to run it.
  • Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    [2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {646232F1-8C70-4806-9499-BA01A59FDA74} http://www.giro.or.kr/html/yessign/cab/yessign7.cab (Reg Error: Key error.)
    O33 - MountPoints2\{dd09b8ca-37b5-11e0-b92a-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008/04/13 19:34:30 | 000,028,672 | ---- | M] (Microsoft Corporation)
    
    :Files
    C:\Program Files\Windows iLivid
    ipconfig /flushdns /c
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe" =-
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [createrestorepoint]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:
  • start Malwarebytes-Anti-Malware and update it, (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include in next post:

OTL fix log
New OTL log
Mbam.txt


Please let me know how it is running now

Thanks

Satchfan

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
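The fix script above removes the Firefox search prefs and the searchplugin file that OTL reported as pointing at searchqu.com. As an added illustration (not code from the original post, from OTL, or from its author), the Python below reads OTL-style "FF - prefs.js" and searchplugins lines and flags the entries a helper would put into such a fix. The sample lines are constructed to match the thread's logs before and after the fix; the keyword.URL value is a stand-in, because the forum truncated the real one.

```python
import re

# Search providers this thread identifies as the hijacked destination (from the thread title/logs).
HIJACK_DOMAINS = ("searchqu.com", "int.search-results.com")

# Engine names that are not a real provider; "Web Search" is the label OTL showed on this machine.
BOGUS_ENGINE_NAMES = ("Web Search",)

# Firefox prefs in an OTL log that decide where a typed search or the start page goes.
SEARCH_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
)

FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+):\s*"(?P<value>.*)"$')
SEARCHPLUGIN_RE = re.compile(r'\\searchplugins\\(?P<file>[^\\]+\.xml)$')

# Constructed sample: OTL lines as they looked before the fix (keyword.URL value is a stand-in).
BEFORE_SAMPLE = [
    'FF - prefs.js..keyword.URL: "http://www.searchqu.com/406?systemid=406&q="',
    'FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"',
    'FF - prefs.js..browser.search.defaultenginename: "Web Search"',
    'FF - prefs.js..browser.search.order.1: "Web Search"',
    r'[2011/03/23 14:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml',
]

# Constructed sample: the same section as the second OTL log reported it after the fix.
AFTER_SAMPLE = [
    'FF - prefs.js..browser.search.defaultenginename: ""',
    'FF - prefs.js..browser.search.order.1: ""',
    'FF - prefs.js..browser.search.selectedEngine: "Google"',
    'FF - prefs.js..browser.startup.homepage: ""',
    r'[2006/09/10 13:35:08 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml',
    r'[2008/03/29 15:59:44 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml',
]


def parse_ff_prefs(lines):
    """Return {pref_name: value} for every 'FF - prefs.js..name: "value"' line."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value")
    return prefs


def find_suspect_prefs(prefs):
    """Search prefs whose value names a hijack domain or a bogus engine label, in SEARCH_PREFS order."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if value is None:
            continue
        if any(d in value.lower() for d in HIJACK_DOMAINS) or value in BOGUS_ENGINE_NAMES:
            findings.append((name, value))
    return findings


def find_suspect_searchplugins(lines, suspect_fragments=("searchqu",)):
    """Searchplugin XML filenames whose name contains a suspect fragment (case-insensitive)."""
    hits = []
    for line in lines:
        m = SEARCHPLUGIN_RE.search(line.strip())
        if m and any(f in m.group("file").lower() for f in suspect_fragments):
            hits.append(m.group("file"))
    return hits


def assess(lines):
    """Summarise a Firefox section of an OTL log: flagged prefs and flagged searchplugin files."""
    return {
        "prefs": find_suspect_prefs(parse_ff_prefs(lines)),
        "plugins": find_suspect_searchplugins(lines),
    }


if __name__ == "__main__":
    for label, sample in (("before fix", BEFORE_SAMPLE), ("after fix", AFTER_SAMPLE)):
        print(label, assess(sample))
```

The "before" sample yields the four prefs and the one searchplugin file that the fix script lists; the "after" sample yields nothing, which is what the second OTL log in this thread shows. A blank defaultenginename after cleanup is expected: Firefox falls back to selectedEngine ("Google" here) rather than the removed plugin.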

#5 felix.kong

Posted 16 June 2011 - 01:16 PM

Here is the OTL fix log


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: "http://www.searchqu....ystemid=406&q=" removed from keyword.URL
Prefs.js: "http://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Web Search" removed from browser.search.order.1
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Starting removal of ActiveX control {646232F1-8C70-4806-9499-BA01A59FDA74}
C:\WINDOWS\Downloaded Program Files\yessign7.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{646232F1-8C70-4806-9499-BA01A59FDA74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{646232F1-8C70-4806-9499-BA01A59FDA74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{646232F1-8C70-4806-9499-BA01A59FDA74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{646232F1-8C70-4806-9499-BA01A59FDA74}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd09b8ca-37b5-11e0-b92a-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd09b8ca-37b5-11e0-b92a-806d6172696f}\ not found.
D:\setupSNK.exe moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Windows iLivid not found.
< ipconfig /flushdns /c >
Configuration IP de Windows
Impossible de vider la cache de résolution DNS : La fonction a échoué lors de l'exécution.
C:\Documents and Settings\Sheebalomma\Mes documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Sheebalomma\Mes documents\Downloads\cmd.txt deleted successfully.
File\Folder [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] not found.
File\Folder C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe" = not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrateur

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Sheebalomma
->Flash cache emptied: 529 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 597139106 bytes
->Temporary Internet Files folder emptied: 131034 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Sheebalomma
->Temp folder emptied: 1997391 bytes
->Temporary Internet Files folder emptied: 4249173 bytes
->FireFox cache emptied: 46330639 bytes
->Google Chrome cache emptied: 17048389 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78356480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 81970 bytes

Total Files Cleaned = 711,00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.0 log created on 06172011_035239

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6 felix.kong

Posted 16 June 2011 - 01:17 PM

Here is the new OTL log

OTL logfile created on: 17/06/2011 03:58:00 - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Sheebalomma\Mes documents\Downloads
Windows XP Professional Edition Service Pack 3, v.5512 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

984,54 Mb Total Physical Memory | 172,94 Mb Available Physical Memory | 17,57% Memory free
2,31 Gb Paging File | 1,67 Gb Available in Paging File | 71,98% Paging File free
Paging file location(s): C:\pagefile.sys 1476 1476 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 44,73 Gb Free Space | 76,34% Space Free | Partition Type: NTFS
Drive D: | 174,28 Gb Total Space | 80,32 Gb Free Space | 46,08% Space Free | Partition Type: NTFS

Computer Name: MATRIX-F39662B4 | User Name: Sheebalomma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sheebalomma\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Sheebalomma\Mes documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Fichiers communs\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
PRC - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files\VistaDriveIcon\DrvIcon.exe (artArmin)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\Mctray.exe (McAfee, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Sheebalomma\Mes documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (.nttcsec) -- File not found
SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (SRS_PostInstaller) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe (SRS Labs, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (kcrtx86) -- C:\WINDOWS\system32\kcrtx86.sys (Kings Information & Network)
DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.SYS (SoftForum Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (VMC33E) -- C:\WINDOWS\system32\drivers\VMC33E.sys (Vimicro Corporation)
DRV - (wowfilter) -- C:\WINDOWS\system32\drivers\WOWFilter.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys (McAfee, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,customizesearch = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,searchassistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.2.8
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/14 21:43:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 13:44:57 | 000,000,000 | ---D | M]

[2011/05/23 01:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Extensions
[2011/05/23 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions
[2011/02/14 05:06:59 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2011/02/14 05:06:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/14 05:06:59 | 000,000,000 | ---D | M] (Secure Login) -- C:\Documents and Settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\extensions\secureLogin@blueimp.net
[2011/05/23 04:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (Vista on XP) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/02/13 22:30:19 | 000,000,000 | ---D | M] (Secure Login) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\secureLogin@blueimp.net
[2006/09/10 13:35:08 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2006/06/04 20:56:02 | 000,001,055 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2006/09/10 13:35:08 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2006/09/12 20:49:04 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/06/17 03:52:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe (artArmin)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SUPBackground] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Sheebalomma\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {2AC2402F-9F57-45E4-9B0D-F2F42F97D426} http://www.playholde...ctivex/GNax.cab (GameNateAx Class)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://www.giro.or.k...Pro3026_32k.cab (XecureCKKB Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {EE2D0084-BF23-4186-96CC-6FB778C1F978} http://hosting.gabia...GabiaWebFTP.cab (GabiaWebFTP Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\AeroStream.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\AeroStream.bmp
O27 - HKLM IFEO\keygen.exe: Debugger - StripMyRights.exe /D /L N (Systemintegrasjon AS)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/13 22:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/06/07 03:52:37 | 000,000,086 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 03:52:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/13 17:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/09 17:37:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Sheebalomma\Recent
[2011/06/09 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
[2011/06/09 13:11:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/08 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\NPKI
[2011/06/08 13:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\BOBBY
[2011/06/07 04:25:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\usb
[2011/05/28 04:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\banners1
[2011/05/25 16:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Bureau\Voyages
[2011/05/24 23:02:02 | 000,000,000 | ---D | C] -- C:\show125
[2011/05/24 20:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Spybot - Search & Destroy
[2011/05/24 20:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/24 20:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/24 19:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\PackageAware
[2011/05/23 04:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Menu Démarrer\Programmes\Google Chrome
[2011/05/23 04:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Application Data\Malwarebytes
[2011/05/23 04:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/22 21:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sheebalomma\Local Settings\Application Data\PackageAware

========== Files - Modified Within 30 Days ==========

[2011/06/17 04:01:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/06/17 03:54:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 03:52:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/16 14:13:21 | 000,000,203 | -HS- | M] () -- C:\boot.ini
[2011/06/15 17:40:01 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/14 17:48:57 | 000,864,411 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\forfaitsindividuels.psd
[2011/06/09 16:35:55 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 06:39:57 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-616249376-1417001333-1002Core1cc265f48d6547a.job
[2011/06/07 16:26:41 | 000,002,761 | ---- | M] () -- C:\header.php
[2011/06/06 06:23:49 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/06/01 23:48:55 | 000,010,223 | ---- | M] () -- C:\swfobject.js
[2011/05/30 12:32:11 | 000,063,005 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\2727613.jpg
[2011/05/30 12:20:11 | 000,093,097 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\artwildx.jpg
[2011/05/30 12:13:30 | 000,153,851 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\3695446360_20090707111658_6767915313.jpg
[2011/05/30 11:57:57 | 001,758,735 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\12859880.psd
[2011/05/28 04:49:43 | 001,011,605 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Bureau\choomsarang_378_1200.psd
[2011/05/23 04:36:16 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/23 04:20:20 | 000,001,398 | ---- | M] () -- C:\WINDOWS\WININIT.INI

========== Files Created - No Company Name ==========

[2011/06/15 18:03:35 | 000,001,954 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
[2011/06/15 18:03:35 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
[2011/06/14 17:48:55 | 000,864,411 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\forfaitsindividuels.psd
[2011/06/09 06:39:57 | 000,001,120 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-616249376-1417001333-1002Core1cc265f48d6547a.job
[2011/06/02 00:49:15 | 000,002,761 | ---- | C] () -- C:\header.php
[2011/06/01 23:48:55 | 000,010,223 | ---- | C] () -- C:\swfobject.js
[2011/05/30 12:32:13 | 000,063,005 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\2727613.jpg
[2011/05/30 12:20:13 | 000,093,097 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\artwildx.jpg
[2011/05/30 12:13:37 | 000,153,851 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\3695446360_20090707111658_6767915313.jpg
[2011/05/30 11:57:57 | 001,758,735 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\12859880.psd
[2011/05/28 04:49:41 | 001,011,605 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Bureau\choomsarang_378_1200.psd
[2011/05/23 04:36:16 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\Sheebalomma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/27 00:56:20 | 000,001,398 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/02/19 21:16:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/14 05:07:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/02/13 23:18:05 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/13 23:17:41 | 000,035,840 | ---- | C] () -- C:\WINDOWS\NOTEPAD.EXE
[2011/02/13 23:16:45 | 000,239,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/13 23:01:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/02/13 22:57:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2011/02/13 22:35:28 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2011/02/13 22:35:13 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/02/13 22:34:08 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/02/13 22:34:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2011/02/13 22:34:06 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/02/13 22:27:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/13 22:23:34 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/13 22:22:12 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\iColorFolder.exe
[2011/02/13 22:22:12 | 000,283,294 | ---- | C] () -- C:\WINDOWS\System32\iColorFolder.dll
[2009/03/24 10:52:22 | 000,043,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2009/03/24 10:52:20 | 000,025,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2009/03/24 10:52:18 | 000,036,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2008/08/22 06:44:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/08/22 06:44:42 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/22 06:44:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/08/22 06:44:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/08/22 06:44:42 | 000,562,682 | ---- | C] () -- C:\WINDOWS\System32\mkisofs.exe
[2008/08/22 06:44:42 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\lame.exe
[2008/08/22 06:44:42 | 000,464,712 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2008/08/22 06:44:42 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/08/22 06:44:42 | 000,453,800 | ---- | C] () -- C:\WINDOWS\System32\cdrecord.exe
[2008/08/22 06:44:42 | 000,398,494 | ---- | C] () -- C:\WINDOWS\System32\moricons2.dll
[2008/08/22 06:44:42 | 000,397,758 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/08/22 06:44:42 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2008/08/22 06:44:42 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\wget.exe
[2008/08/22 06:44:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/08/22 06:44:42 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/08/22 06:44:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2008/08/22 06:44:42 | 000,205,312 | ---- | C] () -- C:\WINDOWS\System32\helpctr.exe
[2008/08/22 06:44:42 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\UnRAR.exe
[2008/08/22 06:44:42 | 000,184,370 | ---- | C] () -- C:\WINDOWS\System32\macshift.exe
[2008/08/22 06:44:42 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/08/22 06:44:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\uni2ansi.exe
[2008/08/22 06:44:42 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/08/22 06:44:42 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\reschange.exe
[2008/08/22 06:44:42 | 000,146,232 | ---- | C] () -- C:\WINDOWS\System32\movefile.exe
[2008/08/22 06:44:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\psicon.dll
[2008/08/22 06:44:42 | 000,110,085 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2008/08/22 06:44:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\System32\qgrep.exe
[2008/08/22 06:44:42 | 000,073,218 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2008/08/22 06:44:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\mv.exe
[2008/08/22 06:44:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ln.exe
[2008/08/22 06:44:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\diff.exe
[2008/08/22 06:44:42 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\csplit.exe
[2008/08/22 06:44:42 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\StripReloc.exe
[2008/08/22 06:44:42 | 000,059,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/08/22 06:44:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/08/22 06:44:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\patch.exe
[2008/08/22 06:44:42 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\indent.exe
[2008/08/22 06:44:42 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\ls.exe
[2008/08/22 06:44:42 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\GoRC.exe
[2008/08/22 06:44:42 | 000,049,664 | ---- | C] () -- C:\WINDOWS\System32\xcacls.exe
[2008/08/22 06:44:42 | 000,049,236 | ---- | C] () -- C:\WINDOWS\System32\fat32format.exe
[2008/08/22 06:44:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/08/22 06:44:42 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\touch.exe
[2008/08/22 06:44:42 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\notepad.exe
[2008/08/22 06:44:42 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\tail.exe
[2008/08/22 06:44:42 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2008/08/22 06:44:42 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\instsrv.exe
[2008/08/22 06:44:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\chknic.exe
[2008/08/22 06:44:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/08/22 06:44:42 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\md5sum.exe
[2008/08/22 06:44:42 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\diruse.exe
[2008/08/22 06:44:42 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\head.exe
[2008/08/22 06:44:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\split.exe
[2008/08/22 06:44:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\mvdir.exe
[2008/08/22 06:44:42 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\sdiff.exe
[2008/08/22 06:44:42 | 000,019,083 | ---- | C] () -- C:\WINDOWS\System32\deltree.exe
[2008/08/22 06:44:42 | 000,016,852 | ---- | C] () -- C:\WINDOWS\System32\cat.exe
[2008/08/22 06:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\showacls.exe
[2008/08/22 06:44:42 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\setx.exe
[2008/08/22 06:44:42 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\cmp.exe
[2008/08/22 06:44:42 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\mcast.exe
[2008/08/22 06:44:42 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\depends.dll
[2008/08/22 06:44:42 | 000,008,636 | ---- | C] () -- C:\WINDOWS\System32\modifyPE.exe
[2008/08/22 06:44:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\pclip.exe
[2008/08/22 06:44:42 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\ifmember.exe
[2008/08/22 06:44:42 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\permcopy.exe
[2008/08/22 06:44:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/08/22 06:44:42 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/08/22 06:44:42 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pwd.exe
[2008/08/22 06:44:42 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/08/22 06:44:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\winver.exe
[2008/08/22 06:44:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Files - Unicode (All) ==========
[2011/05/26 21:47:52 | 000,158,520 | ---- | C] ()(C:\Documents and Settings\Sheebalomma\Bureau\????????.jpg) -- C:\Documents and Settings\Sheebalomma\Bureau\땅끝대한민국지형.jpg
[2011/05/26 21:47:39 | 000,158,520 | ---- | M] ()(C:\Documents and Settings\Sheebalomma\Bureau\????????.jpg) -- C:\Documents and Settings\Sheebalomma\Bureau\땅끝대한민국지형.jpg

< End of report >

#7 felix.kong

felix.kong

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 16 June 2011 - 01:19 PM

Here is the Mbam.txt

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6872

Windows 5.1.2600 Service Pack 3, v.5512
Internet Explorer 7.0.5730.13

17/06/2011 04:10:59
mbam-log-2011-06-17 (04-10-59).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 156776
Temps écoulé: 4 minute(s), 54 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

#8 felix.kong

felix.kong

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 16 June 2011 - 01:20 PM

Thanks a lot for your help but unfortunately the problem still remains

#9 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 16 June 2011 - 04:58 PM

Felix

Try this:
• Click on Start, Run and type in services.msc
• Scroll down to “Client DNS”.
• Under “Type de démarrage” it should say Démarré
• If it doesn’t, right-click on it and choose Propriétés
• Click on the downward-pointing arrow at the right of “Type de démarrage” and change it to Démarré

Please tell me exactly what problem remains

NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.
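The same check done from a command prompt instead of services.msc, as an added example that is not part of the original thread or of any tool mentioned in it. It assumes the service shown as “Client DNS” in the French services.msc is the Windows DNS Client service, whose internal service name is Dnscache, and that the machine is the Windows XP system from the logs (sc.exe, findstr.exe and reg.exe ship with XP). The last query reads the .reg file open command that the Malwarebytes log above reported as Broken.OpenCommand, so that it can be confirmed to contain regedit.exe "%1" after the repair. Everything that runs is read-only; the sc config and net start lines are left commented out as the command-line equivalent of setting the startup type to automatic and starting the service.

```batch
@echo off
rem Added example, not from the thread: inspect the DNS Client service and the
rem .reg file open command from cmd.exe on Windows XP.

rem "Client DNS" in the French services.msc is the Dnscache service.
rem START_TYPE 2 = AUTO_START, 3 = DEMAND_START, 4 = DISABLED.
echo === DNS Client service configuration ===
sc qc Dnscache | findstr /i "DISPLAY_NAME START_TYPE"

rem Current state: RUNNING or STOPPED.
echo === DNS Client service state ===
sc query Dnscache | findstr /i "STATE"

rem Only if START_TYPE reports 4 (DISABLED): restore automatic start and start it.
rem Note the mandatory space after "start=" in sc config syntax.
rem sc config Dnscache start= auto
rem net start Dnscache

rem Verify the (default) value of the regfile open command that Malwarebytes
rem repaired. The expected data is regedit.exe followed by a quoted %%1
rem (%% is how a literal percent sign is written inside a batch file).
echo === regfile open command ===
reg query HKCR\regfile\shell\open\command /ve
```

Run it from Start, Run, cmd.exe; the sc config line needs an administrator account, which the OTL header says this user has. A START_TYPE of 4 matches the “desactive” the original poster reports, and a regfile command that is empty or points anywhere other than regedit.exe would mean the repair did not hold.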

#10 felix.kong

felix.kong

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 16 June 2011 - 11:55 PM

Under "type de demarrage", it says "desactive" which means "deactivated". The other options are "automatique" or "manuel". The problem that remains is still the same I had at the very beginning, which is when I use Google Chrome, I should be able to use the address bar as a regular Google search bar. However, whenever I type in the address bar, I get redirected to searchqu.com and then int.search-results.com (e.g. I type in the word "computer" and get redirected to the following link "http://int.search-re...rb:o=100000049"). Thanks again for your help!


#11 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 17 June 2011 - 12:50 AM

Hi felix

Set the Client DNS to "automatique"

Run aswMBR

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Thanks

Satchfan

#12 felix.kong

felix.kong

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 17 June 2011 - 01:20 AM

Here we go

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-17 16:21:10
-----------------------------
16:21:10.296 OS Version: Windows 5.1.2600 Service Pack 3, v.5512
16:21:10.296 Number of processors: 2 586 0x170A
16:21:10.296 ComputerName: MATRIX-F39662B4 UserName: Sheebalomma
16:21:11.281 Initialize success
16:22:03.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:22:03.609 Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 3
16:22:05.640 Disk 0 MBR read successfully
16:22:05.656 Disk 0 MBR scan
16:22:05.656 Disk 0 unknown MBR code
16:22:07.671 Disk 0 scanning sectors +488376000
16:22:07.750 Disk 0 scanning C:\WINDOWS\system32\drivers
16:22:18.890 Service scanning
16:22:20.000 Disk 0 trace - called modules:
16:22:20.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
16:22:20.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f76ab8]
16:22:20.078 3 CLASSPNP.SYS[f7639fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f56d98]
16:22:20.093 Scan finished successfully
16:22:37.031 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sheebalomma\Bureau\MBR.dat"
16:22:37.078 The log file has been saved successfully to "C:\Documents and Settings\Sheebalomma\Bureau\aswMBR.txt"

#13 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 20 June 2011 - 12:52 AM

Hi felix

Apologies for the delay. I thought I had posted this reply 3 days ago but for some reason it didn't go and I've just noticed.

==========================================

Did you change the Client DNS?

==========================================

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log. Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Satchfan

#14 felix.kong

felix.kong

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 22 June 2011 - 01:54 AM

Hi Satchfan !

Here is the combofix.txt


ComboFix 11-06-21.06 - Sheebalomma 22/06/2011 16:50:40.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.985.451 [GMT 2:00]
Lancé depuis: c:\documents and settings\Sheebalomma\Mes documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Exécution préalable -------
.
c:\windows\system32\head.exe
c:\windows\system32\instsrv.exe
c:\windows\system32\JRSKD24.SYS
c:\windows\system32\ln.exe
c:\windows\system32\msconfig.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_JRSKD24
-------\Service_JRSKD24
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-22 au 2011-06-22 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-22 14:28 . 2011-06-22 14:28 -------- d-----w- c:\windows\system32\xircom
2011-06-22 14:28 . 2011-06-22 14:28 -------- d-----w- c:\windows\system32\wbem\snmp
2011-06-22 14:28 . 2011-06-22 14:28 -------- d-----w- c:\windows\system32\oobe
2011-06-22 14:28 . 2011-06-22 14:28 -------- d-----w- c:\windows\srchasst
2011-06-22 14:28 . 2011-06-22 14:28 -------- d-----w- c:\windows\msagent
2011-06-22 14:28 . 2011-06-22 14:28 -------- d-----w- c:\program files\microsoft frontpage
2011-06-17 02:01 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-17 02:01 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 02:01 . 2011-06-17 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-17 01:52 . 2011-06-17 01:52 -------- d-----w- C:\_OTL
2011-06-01 21:48 . 2011-06-01 21:48 10223 ----a-w- C:\swfobject.js
2011-05-24 21:02 . 2011-05-24 21:02 -------- d-----w- C:\show125
2011-05-24 18:26 . 2011-06-17 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-24 18:26 . 2011-05-24 18:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-24 17:44 . 2011-05-24 17:44 -------- d-----w- c:\program files\Fichiers communs\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-22 . E0593C5746742DFB99A45B9D1234EBFB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-08-22 04:44 . CF6C345F986366602C8991E8D3AF2734 . 1450496 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-08-22 . CFB4FF5FD540BBCBD1134166C5EC7E47 . 561152 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-08-22 . F9FC4055EFEC3DEA100E07587255AD2A . 663552 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-08-22 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-08-22 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-08-22 . 43000A24B04F9D774073224D531E1350 . 531456 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-08-22 . 742D026056DE0D5701A6AC7466D325C6 . 1501184 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-08-22 . 473F4024D2AFA668F319BCAB20F4F539 . 230912 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2008-08-22 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
.
.
[-] 2008-08-22 . 13EBAA219D33B5DBE318A9E746369A81 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-08-22 . 0D17D896B613F169F7041E020E09D21C . 25600 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
[-] 2008-08-22 . DFC1C06F3F288B47C01940F73694BAF9 . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
.
[-] 2008-08-22 . 3BBF338DB2D43E8E5B2E9FC4A89A982C . 2165760 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2008-08-22 . 881377CC96BAF0E037A481FD5AC8772F . 2287104 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
c:\windows\System32\wscntfy.exe ... manque !!
c:\windows\System32\regsvc.dll ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\VistaDriveIcon\DrvIcon.exe" [2008-04-13 49152]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2009-06-01 3159040]
"SUPBackground"="c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe" [2009-05-20 298664]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-08-22 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-08-22 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-08-22 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-08-22 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-02 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-02 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-02 150040]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\documents and settings\Sheebalomma\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2011-2-13 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
"NoNetConnectDisconnect"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoStrCmpLogical"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Sheebalomma\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\DBGO\\DBGO.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [13/02/2011 22:35 4300]
R2 SRS_PostInstaller;SRS PostInstaller Service;c:\program files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller2.exe [24/03/2009 10:52 74992]
R3 VMC33E;Vimicro Camera Service VMC33E;c:\windows\system32\drivers\VMC33E.sys [13/02/2011 22:34 237952]
R3 wowfilter;WOW XT Filter Driver;c:\windows\system32\drivers\WOWFilter.sys [24/03/2009 10:52 25560]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [13/02/2011 22:30 1684736]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [21/03/2011 01:37 126048]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [17/06/2011 04:01 39984]
S4 .nttcsec;.nttcsec; [x]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - HELPSVC
.
Contenu du dossier 'Tâches planifiées'
.
2011-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-507921405-616249376-1417001333-1002Core1cc265f48d6547a.job
- c:\documents and settings\Sheebalomma\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-23 02:34]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
ucustomizesearch = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.11.1
DPF: {2AC2402F-9F57-45E4-9B0D-F2F42F97D426} - hxxp://www.playholdem.co.kr/activex/GNax.cab
DPF: {EE2D0084-BF23-4186-96CC-6FB778C1F978} - hxxp://hosting.gabia.com/popup/webftp/GabiaWebFTP.cab
FF - ProfilePath - c:\documents and settings\Sheebalomma\Application Data\Mozilla\Firefox\Profiles\pwur3you.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Secure Login: secureLogin@blueimp.net - %profile%\extensions\secureLogin@blueimp.net
FF - Ext: Vista on XP: {07b2a769-ed19-4483-87ce-c643914c81b1} - %profile%\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1}
.
.
------- Associations de fichier -------
.
.reg=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 16:53
Windows 5.1.2600 Service Pack 3, v.5512 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\SETUPAPI.dll
.
- - - - - - - > 'lsass.exe'(1132)
c:\windows\system32\setupapi.dll
c:\windows\system32\scecli.dll
.
- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\COMRes.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Heure de fin: 2011-06-22 16:54:42
ComboFix-quarantined-files.txt 2011-06-22 14:54
.
Avant-CF: 47 577 755 648 octets libres
Après-CF: 47 567 265 792 octets libres
.
- - End Of File - - 642498326FB1D8EE4605D57306044FC6

#15 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,813 posts
  • Interests:LFC, music, more LFC, more music

Posted 22 June 2011 - 06:50 AM

Hi Felix

What remaining problems do you have?

Satchfan
