tybreizh29
  1. Maurice, it gave nothing. As we spent too much time, I've decided to reinstall Win7. No more hlktmp, but some software to reinstall. The Win7 restore software deleted my data disk (stupid software: it says it will erase the Windows disk, but not the other disk, where it only had 1 file to restore; it deleted 200 GB of pictures to write a 10K file!). Fortunately I had some backup. Anyway, thank you very much for all your help. Marc
  2. Voilà: the files are rather old, 23 Dec 2011 for both detected files.
     ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=16463254037bb145a1b5de0fe64f5053
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-08-08 06:14:02
     # local_time=2012-08-08 08:14:02 )
     # country="France"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=1797 16775165 100 94 774078 78601454 505472 0
     # compatibility_mode=5893 16776573 100 94 89201 96076798 0 0
     # compatibility_mode=8192 67108863 100 0 678 678 0 0
     # scanned=169933
     # found=2
     # cleaned=0
     # scan_time=4035
     C:\download\FLVPlayerSetup.exe  Win32/OpenCandy application (unable to clean)  00000000000000000000000000000000  I
     C:\download\SUPERsetup.exe  Win32/OpenCandy application (unable to clean)  00000000000000000000000000000000  I
  3. First, below is the OTL log after the commands. Then I disabled ALL services and startup progs (btw Win is very ugly with all its stuff). I uninstalled VMware & Tortoise because they keep staying in the logs. Here is the OTL log I passed. Win7 re-enabled some services after me, but it looks fine to me: hlktmp is created again. I think it's malware, but an update of Flash canceled the effects.
[2012/06/04 18:47:32 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FCPlayer.exe [2012/04/09 10:19:46 | 000,003,950 | ---- | C] () -- C:\Users\marc\.recently-used.xbel [2011/12/23 19:32:58 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/05/17 19:56:45 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011/04/04 18:53:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/03/31 19:50:05 | 000,040,480 | ---- | C] () -- C:\Windows\System32\drivers\mgnt.sys [2011/03/31 19:41:02 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL [2010/09/19 17:39:59 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010/08/16 21:31:16 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010/08/16 21:31:16 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010/08/16 21:31:09 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2010/08/16 21:26:02 | 000,008,236 | ---- | C] () -- C:\Windows\HCWPNP.INI [2010/07/23 11:31:34 | 000,000,600 | ---- | C] () -- C:\Users\marc\AppData\Local\PUTTY.RND [2010/07/19 20:55:24 | 000,000,017 | ---- | C] () -- C:\Users\marc\AppData\Local\resmon.resmoncfg [2010/06/12 09:53:03 | 000,001,521 | ---- | C] () -- C:\Users\marc\scanxlelm.cfg [2010/06/12 09:45:58 | 000,001,345 | ---- | C] () -- C:\Users\marc\scanxlelmscan.cfg [2010/06/12 09:43:47 | 000,003,072 | ---- | C] () -- C:\ProgramData\ppe_fleetdb.vdb [2010/05/22 11:56:10 | 000,000,600 | ---- | C] () -- C:\Users\marc\PUTTY.RND [2010/05/22 11:44:36 | 000,000,600 | ---- | C] () -- C:\Users\marc\AppData\Roaming\winscp.rnd < End of report >
  4. I've got a NAS on the network (QNAP RAID5) mounted manually with Samba.
  5. No, my hardware is: 1 SATA disk - bootable - Win7; 1 SATA disk RAID 1 - my data; 1 SATA DVD; no USB memory plugged in; 1 graphic card; the motherboard (Gigabyte); USB keyboard + mouse.
  6. Now: I have a file which is created at each boot: C:\Windows\Temp\hlktmp, size 8,01 Mo (8 405 015 bits). On the GUI, no visible symptom! (No more the ransom screen since Flash Player has been updated.) A friend gave me a Linux bootable CD with Avira Pro, nothing found.
  7. The log size is more than 11 Mo! I put it in a 7z archive, but I guess it's not good for your security; it's 673 Ko now. It's here: http://dl.free.fr/qK6sN9Hp8 (free.fr is my provider). What do you want me to do? It is a Win7 local install. Attached is the .arn file; it's a bin so I attached it as a txt, I'm not sure you like it too: AutoRuns.arn.txt
  8. It's funny: in another forum I used to help people (French users of Ford Mustangs) that have electrical or electronic problems with their cars. I bought mine in the USA but Ford France does not support the car (no spare parts, no help...). I'm 44 and it's the first time I really need some help to remove a virus (usually I do it by logging the registry or the disk, but not now).
  9. Hi Maurice, to be honest I chose the place where there were as many posts as possible; as my tests & forum reading showed me that my malware was more tricky than those I found in the forum, your forum seemed fine for me, English or French I don't really mind. The scan was finished at 1:30 am, and now I'm at work and I noticed you asked for the DrWeb.cvs! It's at home, I'll post it this evening (my evening). To summarize, it has found some viruses that were in quarantine in Avira's directory, and some false positives (vvncviewer, TomTom software and your soft OTL.exe), that's all. Is there a way to find who is creating the hlktmp file at boot time? procmon just tells me "svhost.exe create c:\windows\temp\hlktmp" and I see the protection set to that file, but not who creates it.
  10. I got the malware on the 30th of July and I used Isabelle's account to update Flash Player later in the day. (It's in the log, but I just explain it in case it can help.)
  11. here it is:
  12. The repair disk is burned. CKScanner - Additional Security Risks - These are not necessarily bad: c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat scanner sequence 3.NA.11.LTAPDR ----- EOF -----
  13. I don't know if it's important, but I have never set the proxy in Firefox!!!