Solved Updating Adobe Flash infected me with crypt.AQLW

C

Carnival

Posts: 16   +0
Hi.
Things went exactly like the title said, and AVG only helps me to see how fast the Trojan is spreading.
Now, my computer reboots randomly, is slowed, and

my connection rate is really random too. Firefox

is subject to pop-ups.
I tried many things, but Crypt is always here.
Below are the requested logs.
Gmer had to be ran in Safe Mode, because an

unwanted reset occured at my first attempt.

Help me, please.


--------
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.10.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Katia :: KAT [administrator]

Protection: Enabled

10/03/2012 12:00:03
mbam-log-2012-03-10 (12-00-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232722
Time elapsed: 16 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-10 22:28:54
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f Maxtor_6Y080L0 rev.YAR41BW0
Running: djnukmrm.exe; Driver: C:\DOCUME~1\Katia\LOCALS~1\Temp\pxtdqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text USBPORT.SYS!DllUnload F71ED62C 5 Bytes JMP 856564E0
.text anbf28sh.SYS F719E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text anbf28sh.SYS F719E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text anbf28sh.SYS F719E3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text anbf28sh.SYS F719E3C9 1 Byte [2E]
.text anbf28sh.SYS F719E3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
? sphq.sys Le fichier spécifié est introuvable. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8576A1F8
Device \Driver\usbohci \Device\USBPDO-0 85655500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 857D71F8
Device \Driver\dmio \Device\DmControl\DmConfig 857D71F8
Device \Driver\dmio \Device\DmControl\DmPnP 857D71F8
Device \Driver\dmio \Device\DmControl\DmInfo 857D71F8
Device \Driver\usbohci \Device\USBPDO-1 85655500
Device \Driver\usbehci \Device\USBPDO-2 8559A500
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 857D71F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 857D71F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8576C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8576C1F8
Device \Driver\Cdrom \Device\CdRom0 8572C500
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8576B1F8
Device \Driver\atapi \Device\Ide\IdePort0 8576B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8576B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8576B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8576B1F8
Device \Driver\Cdrom \Device\CdRom1 8572C500
Device \Driver\PCI_PNP7252 \Device\0000005e sphq.sys
Device \Driver\usbohci \Device\USBFDO-0 85655500
Device \Driver\sptd \Device\4011002252 sphq.sys
Device \Driver\usbohci \Device\USBFDO-1 85655500
Device \Driver\usbehci \Device\USBFDO-2 8559A500
Device \Driver\Ftdisk \Device\FtControl 8576C1F8
Device \Driver\anbf28sh \Device\Scsi\anbf28sh1Port2Path0Target0Lun0 8563C1F8
Device \Driver\anbf28sh \Device\Scsi\anbf28sh1 8563C1F8
Device \FileSystem\Cdfs \Cdfs 85542500

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 857D92D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F748DC4C] sphq.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F748DCA0] sphq.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F745D040] sphq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F745D13C] sphq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F745D0BE] sphq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F745D7FC] sphq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F745D6D2] sphq.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746D048] sphq.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 856565E0
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\anbf28sh.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- System - GMER 1.0.15 ----

INT 0x62 ? 8576BBF8
INT 0x63 ? 85656F00
INT 0x73 ? 85656F00
INT 0x82 ? 8576BBF8
INT 0x83 ? 85656F00

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB4 0xEC 0x10 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA2 0xAC 0xF9 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x21 0x5D 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB4 0xEC 0x10 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA2 0xAC 0xF9 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0A 0x21 0x5D 0x56 ...

SSDT sphq.sys ZwCreateKey [0xF745C0E0]
SSDT sphq.sys ZwEnumerateKey [0xF747ACA2]
SSDT sphq.sys ZwEnumerateValueKey [0xF747B030]
SSDT sphq.sys ZwOpenKey [0xF745C0C0]
SSDT sphq.sys ZwQueryKey [0xF747B108]
SSDT sphq.sys ZwQueryValueKey [0xF747AF88]
SSDT sphq.sys ZwSetValueKey [0xF747B19A]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB40057$\2725605108 0 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973 0 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\cfg.ini 169 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\L 0 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\L\akygdmgo 162816 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\oemid 138 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U 0 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\U\80000032.@ 96256 bytes
File C:\WINDOWS\$NtUninstallKB40057$\779923973\version 861 bytes

---- EOF - GMER 1.0.15 ----

ATTACH (DDS)
-------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 01/02/2005 19:18:55
System Uptime: 10/03/2012 22:31:45 (0 hours ago)
.
Motherboard: | | K7S41GX
Processor: AMD Sempron(tm) 2400+ | Socket-A | 1672/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 20 GiB total, 6,001 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 40,417 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 76,613 GiB free.
.
==== Installed Programs ======================
.
.
AAC to MP3 Converter
AbiWord 2.4.6 (remove only)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 6.0
Adobe Shockwave Player
Akamai NetSession Interface
Akamai NetSession Interface Service
Archiveur WinRAR
Assistant de connexion Windows Live
AVG 8.5
Baldur's Gate
BitTorrent
Black & White Creature Isle
Black and White
C-Media 3D Audio
CiD Help
Compel Adaptec WinASPI
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Direct Show Ogg Vorbis Filter (remove only)
DS-Monkey Audio Source 1.00
Dungeon Keeper Gold
Détection de l'application Winamp
eSpeak version 1.40.01
ffdshow v1.1.4291 [2012-01-31]
GameWiz32
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Installation Windows Live
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 2.20 Full
KC Softwares KFK
Lame ACM MP3 Codec
leogeo_timebeat
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Small Business
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MilkShape 3D 1.7.9
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)
Mise à jour de sécurité pour Windows XP (KB890046)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899589)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB911280)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911567)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913446)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB916281)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922760)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925486)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937143)
Mise à jour de sécurité pour Windows XP (KB937894)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB939653)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB942615)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944338)
Mise à jour de sécurité pour Windows XP (KB944533)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour de sécurité pour Windows XP (KB947864)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Mise à jour de sécurité pour Windows XP (KB950749)
Mise à jour de sécurité pour Windows XP (KB950759)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951376)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour pour Windows XP (KB894391)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB908531)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB942840)
Mise à jour pour Windows XP (KB946627)
Monkey's Audio
Morgan Stream Switcher
Morrowind
Mozilla Firefox 10.0.2 (x86 fr)
MSVCRT
MSXML 6.0 Parser (KB927977)
Music NFO Builder v1.20
N-Bench_V3
NeoDivx 2008
NETGEAR WG111v3 wireless USB 2.0 adapter
Outil de téléchargement Windows Live
Python 2.5 PyFFI-1.1.0
Python 2.5.4
Quick Media Converter
RealPlayer
Ri4m v5.0.1d
Segoe UI
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
SpaceMonger 2.1.1
Spaceward Ho! 4.0
SpyHunter
TES Construction Set
TuneUp Utilities 2008
VeohTV BETA
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Winamp
Winamp Goes 3D v1.51 (Light)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Messenger
Windows Media Format 11 runtime
Windows XP Service Pack 2
x264 Revision 305 x264.nl (remove only)
Xilisoft DVD Ripper Standard 5
Xvid 1.1.3 final uninstall
yWriter5
.
==== End Of File ===========================




DDS
-----------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by Katia at 22:44:58 on 2012-03-10
.
============== Running Processes ===============
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Documents and Settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Katia\Mes documents\Téléchargements\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {3049c3e9-b461-4bc5-8870-4c09146192ca} - RealPlayer Download and Record Plugin for Internet Explorer
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: ReImage Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\reimagecompanion\updatebhoWin32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} -
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Akamai NetSession Interface] "c:\documents and settings\katia\local settings\application data\akamai\netsession_win.exe"
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=gmdfpnpdmnjaffhcdbobdjpolhpacaem
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dExplorerRun: [DllHst] c:\windows\system\dllhst3g.exe /waitservice
LSP: mswsock.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\fichiers communs\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\katia\application data\mozilla\firefox\profiles\ao9k5kdv.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVG Security Toolbar Service;AVG Security Toolbar Service
R? avgarcln;NdisFilt
R? Boonty Games;Boonty Games
R? cpuz134;cpuz134
R? esgiguard;esgiguard
R? mbr;mbr
R? mcvsrte;WscNetDr
R? MEMSWEEP2;MEMSWEEP2
R? RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver
R? savrt;Nbf
R? XDva019;XDva019
R? XDva031;XDva031
R? XDva068;XDva068
R? XDva092;XDva092
R? XDva147;XDva147
R? XDva157;XDva157
R? XDva182;XDva182
R? XDva186;XDva186
R? XDva204;XDva204
S? Akamai;Akamai NetSession Interface
S? avg8wd;AVG Free8 WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free8 Network Redirector
S? EAPPkt;Realtek EAPPkt Protocol
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? SpyHunter 4 Service;SpyHunter 4 Service
S? vToolbarUpdater;vToolbarUpdater
.
=============== Created Last 30 ================
.
2012-03-09 16:26:31 -------- d-----w- c:\documents and settings\katia\application data\SpaceMonger
2012-03-08 22:12:27 -------- d-----w- c:\documents and settings\katia\AppData
2012-03-08 22:05:06 110080 ----a-r- c:\documents and settings\katia\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe
2012-03-08 22:05:05 110080 ----a-r- c:\documents and settings\katia\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe
2012-03-08 22:05:05 110080 ----a-r- c:\documents and settings\katia\application data\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe
2012-03-08 22:03:27 -------- d-----w- C:\sh4ldr
2012-03-08 22:03:27 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 21:57:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-08 21:43:19 -------- d-----w- c:\documents and settings\katia\application data\GetRightToGo
2012-03-07 17:43:17 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-07 12:20:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-01-27 22:54:44 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-27 22:52:36 48128 ----a-w- c:\windows\system32\ff_acm.acm
.
============= FINISH: 22:50:12,89 ===============
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
First of all, thank you.

And here's the log.

00:47:09.0093 2488 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
00:47:10.0312 2488 ============================================================
00:47:10.0312 2488 Current date / time: 2012/03/11 00:47:10.0312
00:47:10.0312 2488 SystemInfo:
00:47:10.0312 2488
00:47:10.0312 2488 OS Version: 5.1.2600 ServicePack: 2.0
00:47:10.0312 2488 Product type: Workstation
00:47:10.0312 2488 ComputerName: KAT
00:47:10.0312 2488 UserName: Katia
00:47:10.0312 2488 Windows directory: C:\WINDOWS
00:47:10.0312 2488 System windows directory: C:\WINDOWS
00:47:10.0312 2488 Processor architecture: Intel x86
00:47:10.0312 2488 Number of processors: 1
00:47:10.0312 2488 Page size: 0x1000
00:47:10.0312 2488 Boot type: Normal boot
00:47:10.0312 2488 ============================================================
00:47:24.0046 2488 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:47:24.0062 2488 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:47:24.0093 2488 \Device\Harddisk0\DR0:
00:47:24.0093 2488 MBR used
00:47:24.0093 2488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
00:47:24.0109 2488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27116B5, BlocksNum 0x7192A76
00:47:24.0109 2488 \Device\Harddisk1\DR1:
00:47:24.0125 2488 MBR used
00:47:24.0265 2488 Initialize success
00:47:24.0265 2488 ============================================================
00:48:10.0531 0404 ============================================================
00:48:10.0531 0404 Scan started
00:48:10.0531 0404 Mode: Manual;
00:48:10.0531 0404 ============================================================
00:48:11.0625 0404 Abiosdsk - ok
00:48:11.0937 0404 abp480n5 - ok
00:48:12.0203 0404 acmr0xmm - ok
00:48:12.0546 0404 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:48:12.0640 0404 ACPI - ok
00:48:12.0921 0404 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:48:12.0937 0404 ACPIEC - ok
00:48:13.0203 0404 adpu160m - ok
00:48:13.0562 0404 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
00:48:13.0640 0404 aec - ok
00:48:13.0937 0404 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:48:13.0968 0404 AegisP - ok
00:48:14.0312 0404 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
00:48:14.0390 0404 AFD - ok
00:48:14.0656 0404 Aha154x - ok
00:48:14.0906 0404 aic78u2 - ok
00:48:15.0171 0404 aic78xx - ok
00:48:15.0453 0404 AliIde - ok
00:48:15.0765 0404 AmdK7 (c0f59933070392e662b3c2bb2be77955) C:\WINDOWS\system32\DRIVERS\amdk7.sys
00:48:15.0812 0404 AmdK7 - ok
00:48:16.0078 0404 amsint - ok
00:48:16.0359 0404 asc - ok
00:48:16.0625 0404 asc3350p - ok
00:48:16.0875 0404 asc3550 - ok
00:48:17.0171 0404 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
00:48:17.0203 0404 Aspi32 - ok
00:48:17.0531 0404 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:48:17.0562 0404 AsyncMac - ok
00:48:17.0843 0404 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:48:17.0859 0404 atapi - ok
00:48:18.0109 0404 Atdisk - ok
00:48:18.0406 0404 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:48:18.0453 0404 Atmarpc - ok
00:48:18.0750 0404 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:48:18.0765 0404 audstub - ok
00:48:19.0187 0404 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
00:48:19.0343 0404 AvgLdx86 - ok
00:48:19.0640 0404 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
00:48:19.0687 0404 AvgMfx86 - ok
00:48:19.0984 0404 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
00:48:20.0046 0404 AvgTdiX - ok
00:48:20.0375 0404 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:48:20.0406 0404 Beep - ok
00:48:20.0578 0404 catchme - ok
00:48:20.0875 0404 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:48:20.0906 0404 cbidf2k - ok
00:48:21.0203 0404 cd20xrnt - ok
00:48:21.0500 0404 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:48:21.0531 0404 Cdaudio - ok
00:48:21.0843 0404 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
00:48:21.0906 0404 Cdfs - ok
00:48:22.0187 0404 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:48:22.0218 0404 Cdrom - ok
00:48:22.0484 0404 Changer - ok
00:48:22.0765 0404 CmdIde - ok
00:48:23.0265 0404 cmuda (c9acb382326b55748b2fc38b8a6a0759) C:\WINDOWS\system32\drivers\cmuda.sys
00:48:23.0578 0404 cmuda - ok
00:48:23.0906 0404 Cpqarray - ok
00:48:24.0031 0404 cpuz134 - ok
00:48:24.0078 0404 CrystalSysInfo - ok
00:48:24.0359 0404 dac2w2k - ok
00:48:24.0656 0404 dac960nt - ok
00:48:24.0984 0404 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
00:48:25.0015 0404 Disk - ok
00:48:25.0609 0404 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
00:48:25.0906 0404 dmboot - ok
00:48:26.0265 0404 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
00:48:26.0328 0404 dmio - ok
00:48:26.0640 0404 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:48:26.0671 0404 dmload - ok
00:48:26.0968 0404 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
00:48:27.0015 0404 DMusic - ok
00:48:27.0312 0404 dpti2o - ok
00:48:27.0625 0404 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
00:48:27.0640 0404 drmkaud - ok
00:48:27.0953 0404 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
00:48:28.0000 0404 EAPPkt - ok
00:48:28.0109 0404 esgiguard (2407b8164e966755bc6a4242fc9de31e) C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
00:48:28.0156 0404 esgiguard - ok
00:48:28.0562 0404 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
00:48:28.0640 0404 Fastfat - ok
00:48:28.0937 0404 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:48:28.0968 0404 Fdc - ok
00:48:29.0234 0404 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
00:48:29.0281 0404 Fips - ok
00:48:29.0578 0404 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:48:29.0609 0404 Flpydisk - ok
00:48:29.0984 0404 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
00:48:30.0093 0404 FltMgr - ok
00:48:30.0375 0404 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:48:30.0406 0404 Fs_Rec - ok
00:48:30.0734 0404 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:48:30.0812 0404 Ftdisk - ok
00:48:31.0093 0404 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
00:48:31.0125 0404 gameenum - ok
00:48:31.0437 0404 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:48:31.0484 0404 Gpc - ok
00:48:31.0828 0404 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:48:31.0859 0404 HidUsb - ok
00:48:32.0140 0404 hpn - ok
00:48:32.0390 0404 hpt3xx - ok
00:48:32.0765 0404 HTTP (bfb7b73c942e816c4fb4a5a7bae87136) C:\WINDOWS\system32\Drivers\HTTP.sys
00:48:32.0875 0404 HTTP - ok
00:48:33.0140 0404 i2omgmt - ok
00:48:33.0406 0404 i2omp - ok
00:48:33.0703 0404 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:48:33.0750 0404 i8042prt - ok
00:48:34.0078 0404 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:48:34.0125 0404 Imapi - ok
00:48:34.0375 0404 ini910u - ok
00:48:34.0640 0404 IntelIde - ok
00:48:34.0937 0404 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
00:48:34.0968 0404 ip6fw - ok
00:48:35.0281 0404 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:48:35.0328 0404 IpFilterDriver - ok
00:48:35.0656 0404 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:48:35.0687 0404 IpInIp - ok
00:48:36.0015 0404 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:48:36.0078 0404 IpNat - ok
00:48:36.0359 0404 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:48:36.0421 0404 IPSec - ok
00:48:36.0765 0404 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
00:48:36.0812 0404 irda - ok
00:48:37.0109 0404 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:48:37.0140 0404 IRENUM - ok
00:48:37.0437 0404 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
00:48:37.0468 0404 irsir - ok
00:48:37.0796 0404 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:48:37.0828 0404 isapnp - ok
00:48:38.0140 0404 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:48:38.0171 0404 Kbdclass - ok
00:48:38.0500 0404 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
00:48:38.0500 0404 kmixer - ok
00:48:38.0828 0404 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
00:48:38.0890 0404 KSecDD - ok
00:48:39.0187 0404 lbrtfdc - ok
00:48:39.0515 0404 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
00:48:39.0562 0404 MBAMProtector - ok
00:48:39.0687 0404 mbr - ok
00:48:39.0968 0404 MEMSWEEP2 - ok
00:48:40.0265 0404 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:48:40.0281 0404 mnmdd - ok
00:48:40.0593 0404 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
00:48:40.0625 0404 Modem - ok
00:48:40.0906 0404 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:48:40.0937 0404 Mouclass - ok
00:48:41.0218 0404 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:48:41.0250 0404 mouhid - ok
00:48:41.0625 0404 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
00:48:41.0656 0404 MountMgr - ok
00:48:41.0937 0404 mraid35x - ok
00:48:42.0265 0404 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:48:42.0359 0404 MRxDAV - ok
00:48:42.0812 0404 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:48:43.0000 0404 MRxSmb - ok
00:48:43.0328 0404 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
00:48:43.0359 0404 Msfs - ok
00:48:43.0718 0404 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:48:43.0734 0404 MSKSSRV - ok
00:48:44.0062 0404 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:48:44.0093 0404 MSPCLOCK - ok
00:48:44.0390 0404 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
00:48:44.0421 0404 MSPQM - ok
00:48:44.0750 0404 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:48:44.0765 0404 mssmbios - ok
00:48:45.0078 0404 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
00:48:45.0093 0404 ms_mpu401 - ok
00:48:45.0453 0404 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
00:48:45.0515 0404 Mup - ok
00:48:45.0906 0404 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
00:48:45.0984 0404 NDIS - ok
00:48:46.0312 0404 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:48:46.0328 0404 NdisTapi - ok
00:48:46.0625 0404 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:48:46.0656 0404 Ndisuio - ok
00:48:47.0000 0404 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:48:47.0062 0404 NdisWan - ok
00:48:47.0328 0404 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
00:48:47.0375 0404 NDProxy - ok
00:48:47.0656 0404 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:48:47.0687 0404 NetBIOS - ok
00:48:48.0031 0404 NetBT (1bda0f1715ee72f131184b1fbe559c04) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:48:48.0093 0404 NetBT - ok
00:48:48.0500 0404 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
00:48:48.0546 0404 Npfs - ok
00:48:49.0062 0404 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
00:48:49.0281 0404 Ntfs - ok
00:48:49.0593 0404 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:48:49.0625 0404 Null - ok
00:48:49.0968 0404 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:48:50.0000 0404 NwlnkFlt - ok
00:48:50.0296 0404 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:48:50.0328 0404 NwlnkFwd - ok
00:48:50.0640 0404 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
00:48:50.0703 0404 NwlnkIpx - ok
00:48:51.0046 0404 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
00:48:51.0093 0404 NwlnkNb - ok
00:48:51.0375 0404 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
00:48:51.0421 0404 NwlnkSpx - ok
00:48:51.0781 0404 NWRDR (3f18d9365be71c7b2e43b7cf4a0c1a10) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
00:48:51.0859 0404 NWRDR - ok
00:48:52.0203 0404 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
00:48:52.0250 0404 Parport - ok
00:48:52.0515 0404 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
00:48:52.0546 0404 PartMgr - ok
00:48:52.0843 0404 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
00:48:52.0875 0404 ParVdm - ok
00:48:53.0234 0404 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
00:48:53.0281 0404 PCI - ok
00:48:53.0562 0404 PCIDump - ok
00:48:53.0890 0404 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:48:53.0906 0404 PCIIde - ok
00:48:54.0234 0404 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:48:54.0296 0404 Pcmcia - ok
00:48:54.0578 0404 PDCOMP - ok
00:48:54.0828 0404 PDFRAME - ok
00:48:55.0125 0404 PDRELI - ok
00:48:55.0390 0404 PDRFRAME - ok
00:48:55.0640 0404 perc2 - ok
00:48:55.0906 0404 perc2hib - ok
00:48:56.0296 0404 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:48:56.0328 0404 PptpMiniport - ok
00:48:56.0671 0404 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
00:48:56.0703 0404 Processor - ok
00:48:57.0078 0404 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
00:48:57.0125 0404 PSched - ok
00:48:57.0484 0404 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:48:57.0500 0404 Ptilink - ok
00:48:57.0859 0404 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:48:57.0890 0404 PxHelp20 - ok
00:48:58.0156 0404 ql1080 - ok
00:48:58.0421 0404 Ql10wnt - ok
00:48:58.0656 0404 ql12160 - ok
00:48:58.0937 0404 ql1240 - ok
00:48:59.0187 0404 ql1280 - ok
00:48:59.0484 0404 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:48:59.0515 0404 RasAcd - ok
00:48:59.0828 0404 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
00:48:59.0859 0404 Rasirda - ok
00:49:00.0203 0404 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:49:00.0234 0404 Rasl2tp - ok
00:49:00.0531 0404 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:49:00.0562 0404 RasPppoe - ok
00:49:00.0859 0404 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:49:00.0906 0404 Raspti - ok
00:49:01.0234 0404 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:49:01.0312 0404 Rdbss - ok
00:49:01.0609 0404 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:49:01.0625 0404 RDPCDD - ok
00:49:02.0000 0404 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:49:02.0093 0404 rdpdr - ok
00:49:02.0437 0404 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
00:49:02.0515 0404 RDPWD - ok
00:49:02.0812 0404 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:49:02.0843 0404 redbook - ok
00:49:03.0234 0404 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
00:49:03.0265 0404 ROOTMODEM - ok
00:49:03.0703 0404 RTL8187B (de4635e8b7975d2b5d961299469a7462) C:\WINDOWS\system32\DRIVERS\wg111v3.sys
00:49:03.0859 0404 RTL8187B - ok
00:49:04.0250 0404 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:49:04.0250 0404 Secdrv - ok
00:49:04.0562 0404 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:49:04.0593 0404 serenum - ok
00:49:04.0859 0404 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
00:49:04.0921 0404 Serial - ok
00:49:05.0265 0404 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
00:49:05.0312 0404 sfdrv01 - ok
00:49:05.0562 0404 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
00:49:05.0593 0404 sfhlp02 - ok
00:49:05.0875 0404 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:49:05.0906 0404 Sfloppy - ok
00:49:06.0234 0404 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
00:49:06.0281 0404 sfvfs02 - ok
00:49:06.0562 0404 Simbad - ok
00:49:07.0000 0404 SiS315 (a4339c50e8ee58fd2e0c9f0b3db01ec0) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
00:49:07.0125 0404 SiS315 - ok
00:49:07.0421 0404 SiSkp (0ffff52aee71a9c3ecb1fb9e4e7f64ae) C:\WINDOWS\system32\DRIVERS\srvkp.sys
00:49:07.0453 0404 SiSkp - ok
00:49:07.0750 0404 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
00:49:07.0781 0404 SISNIC - ok
00:49:08.0093 0404 Sparrow - ok
00:49:08.0406 0404 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
00:49:08.0421 0404 splitter - ok
00:49:08.0921 0404 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
00:49:09.0062 0404 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:49:09.0062 0404 sptd ( LockedFile.Multi.Generic ) - warning
00:49:09.0062 0404 sptd - detected LockedFile.Multi.Generic (1)
00:49:09.0421 0404 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
00:49:09.0468 0404 sr - ok
00:49:09.0843 0404 Srv (ea554a3ffc3f536fe8320eb38f5e4843) C:\WINDOWS\system32\DRIVERS\srv.sys
00:49:10.0015 0404 Srv - ok
00:49:10.0296 0404 StarOpen - ok
00:49:10.0609 0404 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:49:10.0625 0404 swenum - ok
00:49:10.0921 0404 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
00:49:10.0984 0404 swmidi - ok
00:49:11.0265 0404 symc810 - ok
00:49:11.0515 0404 symc8xx - ok
00:49:11.0765 0404 sym_hi - ok
00:49:12.0015 0404 sym_u3 - ok
00:49:12.0328 0404 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
00:49:12.0359 0404 sysaudio - ok
00:49:12.0703 0404 tbhsd (5d8c820e2d885c25ffc6bbc5d4fe073c) C:\WINDOWS\system32\drivers\tbhsd.sys
00:49:12.0750 0404 tbhsd - ok
00:49:13.0156 0404 Tcpip (90caff4b094573449a0872a0f919b178) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:49:13.0312 0404 Tcpip - ok
00:49:13.0671 0404 Tcpip6 (dccacdd2747ada221aece5c9ada5d551) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
00:49:13.0765 0404 Tcpip6 - ok
00:49:14.0078 0404 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:49:14.0109 0404 TDPIPE - ok
00:49:14.0390 0404 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
00:49:14.0421 0404 TDTCP - ok
00:49:14.0718 0404 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:49:14.0781 0404 TermDD - ok
00:49:15.0078 0404 TosIde - ok
00:49:15.0406 0404 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
00:49:15.0437 0404 tunmp - ok
00:49:15.0734 0404 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
00:49:15.0781 0404 uagp35 - ok
00:49:16.0078 0404 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
00:49:16.0125 0404 Udfs - ok
00:49:16.0421 0404 ultra - ok
00:49:16.0781 0404 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
00:49:16.0875 0404 Update - ok
00:49:17.0234 0404 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:49:17.0265 0404 usbehci - ok
00:49:17.0578 0404 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:49:17.0625 0404 usbhub - ok
00:49:17.0906 0404 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:49:17.0937 0404 usbohci - ok
00:49:18.0234 0404 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:49:18.0281 0404 USBSTOR - ok
00:49:18.0609 0404 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
00:49:18.0640 0404 VgaSave - ok
00:49:18.0890 0404 ViaIde - ok
00:49:19.0234 0404 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
00:49:19.0265 0404 VolSnap - ok
00:49:19.0609 0404 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:49:19.0640 0404 Wanarp - ok
00:49:19.0906 0404 WDICA - ok
00:49:20.0250 0404 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
00:49:20.0328 0404 wdmaud - ok
00:49:20.0812 0404 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:49:20.0843 0404 WS2IFSL - ok
00:49:21.0234 0404 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:49:21.0281 0404 WudfPf - ok
00:49:21.0578 0404 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:49:21.0640 0404 WudfRd - ok
00:49:21.0937 0404 XDva019 - ok
00:49:22.0187 0404 XDva031 - ok
00:49:22.0437 0404 XDva068 - ok
00:49:22.0687 0404 XDva092 - ok
00:49:22.0906 0404 XDva147 - ok
00:49:23.0156 0404 XDva157 - ok
00:49:23.0593 0404 XDva182 - ok
00:49:23.0828 0404 XDva186 - ok
00:49:24.0093 0404 XDva204 - ok
00:49:24.0375 0404 XTrapD12 - ok
00:49:24.0515 0404 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
00:49:24.0734 0404 \Device\Harddisk0\DR0 - ok
00:49:24.0765 0404 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:49:24.0781 0404 \Device\Harddisk1\DR1 - ok
00:49:24.0796 0404 Boot (0x1200) (ab8e1e544201695e7c81080bb813e735) \Device\Harddisk0\DR0\Partition0
00:49:24.0796 0404 \Device\Harddisk0\DR0\Partition0 - ok
00:49:24.0828 0404 Boot (0x1200) (158821a92adc04d8a3c608ed47fefa2e) \Device\Harddisk0\DR0\Partition1
00:49:24.0828 0404 \Device\Harddisk0\DR0\Partition1 - ok
00:49:24.0843 0404 ============================================================
00:49:24.0843 0404 Scan finished
00:49:24.0843 0404 ============================================================
00:49:24.0859 3064 Detected object count: 1
00:49:24.0875 3064 Actual detected object count: 1
00:49:36.0781 3064 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:49:36.0781 3064 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-11 01:12:27
-----------------------------
01:12:27.203 OS Version: Windows 5.1.2600 Service Pack 2
01:12:27.203 Number of processors: 1 586 0x801
01:12:27.203 ComputerName: KAT UserName:
01:12:28.609 Initialize success
01:13:58.171 AVAST engine defs: 12031002
01:14:28.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f
01:14:28.984 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 78167MB BusType: 3
01:14:28.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
01:14:28.984 Disk 1 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
01:14:28.984 Device \Driver\atapi -> MajorFunction 8576c1f8
01:14:29.000 Disk 0 MBR read successfully
01:14:29.015 Disk 0 MBR scan
01:14:29.203 Disk 0 Windows XP default MBR code
01:14:29.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
01:14:29.218 Disk 0 Partition - 00 0F Extended LBA 58149 MB offset 40965750
01:14:29.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 58149 MB offset 40965813
01:14:29.281 Disk 0 scanning sectors +160055595
01:14:29.437 Disk 0 scanning C:\WINDOWS\system32\drivers
01:14:53.937 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ARC [Rtk]
01:15:12.500 Disk 0 trace - called modules:
01:15:12.515 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8532efd0]<<
01:15:12.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85757ab8]
01:15:12.531 3 CLASSPNP.SYS[f75bd05b] -> nt!IofCallDriver -> [0x85440ab8]
01:15:12.531 \Driver\00004410[0x85408be0] -> IRP_MJ_CREATE -> 0x8532efd0
01:15:13.500 AVAST engine scan C:\WINDOWS
01:15:28.687 AVAST engine scan C:\WINDOWS\system32
01:27:31.125 AVAST engine scan C:\WINDOWS\system32\drivers
01:28:03.125 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ARC [Rtk]
01:28:30.890 AVAST engine scan C:\Documents and Settings\Katia
01:40:24.812 AVAST engine scan C:\Documents and Settings\All Users
01:43:02.765 Scan finished successfully
01:43:28.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katia\Bureau\MBR.dat"
01:43:28.843 The log file has been saved successfully to "C:\Documents and Settings\Katia\Bureau\aswMBR.txt"





Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 580e12b06e588182236319551a05ba37

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi again.
Things seems slightly better now. The overall speed increased, and the machine sounds no more like crazy. But right after ComboFix finished, despite my many reboots and attempts, I just couldn't connect anymore. Guess I'll have to reinstall NetGear.
Right now, I'm on someone else's computer.

The log:

ComboFix 12-03-10.02 - Katia 11/03/2012 11:56:41.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.723 [GMT 1:00]
Lancé depuis: c:\documents and settings\Katia\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Katia\WINDOWS
c:\documents and settings\Max\WINDOWS
c:\documents and settings\o\WINDOWS
c:\windows\$NtUninstallKB40057$\2725605108
c:\windows\$NtUninstallKB40057$\779923973\@
c:\windows\$NtUninstallKB40057$\779923973\cfg.ini
c:\windows\$NtUninstallKB40057$\779923973\Desktop.ini
c:\windows\$NtUninstallKB40057$\779923973\L\akygdmgo
c:\windows\$NtUninstallKB40057$\779923973\oemid
c:\windows\$NtUninstallKB40057$\779923973\U\00000001.@
c:\windows\$NtUninstallKB40057$\779923973\U\00000002.@
c:\windows\$NtUninstallKB40057$\779923973\U\00000004.@
c:\windows\$NtUninstallKB40057$\779923973\U\80000000.@
c:\windows\$NtUninstallKB40057$\779923973\U\80000004.@
c:\windows\$NtUninstallKB40057$\779923973\U\80000032.@
c:\windows\$NtUninstallKB40057$\779923973\version
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8b6055a6455f0de5.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Drivers\sptd.sys
c:\windows\system32\ntpr_nic_service2.dll
c:\windows\system32\SET36.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET7D.tmp
D:\install.exe
.
Une copie infectée de c:\windows\system32\drivers\netbt.sys a été trouvée et désinfectée
Copie restaurée à partir de - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Legacy_spcstb
-------\Legacy_sptd
-------\Service_spcstb
-------\Service_sptd
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-11 au 2012-03-11 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-09 16:26 . 2012-03-09 16:26 -------- d-----w- c:\documents and settings\Katia\Application Data\SpaceMonger
2012-03-08 22:12 . 2012-03-08 22:12 -------- d-----w- c:\documents and settings\Katia\AppData
2012-03-08 22:08 . 2012-03-08 22:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVG Secure Search
2012-03-08 22:05 . 2012-03-08 22:05 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-08 22:03 . 2012-03-08 22:06 -------- d-----w- C:\sh4ldr
2012-03-08 22:03 . 2012-03-08 22:03 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 21:57 . 2012-03-08 22:05 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-08 21:43 . 2012-03-08 21:43 -------- d-----w- c:\documents and settings\Katia\Application Data\GetRightToGo
2012-03-08 12:43 . 2012-03-08 12:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-07 17:43 . 2012-03-11 09:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-07 12:20 . 2012-03-08 22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 22:54 . 2007-08-23 17:30 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-27 22:52 . 2012-02-06 17:43 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-19 18:04 . 2012-01-12 22:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-19 12:17 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Akamai NetSession Interface"="c:\documents and settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-5-17 49254]
Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 1933312]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-23 1933312]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-2-1 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tunebite"=g:\tunebbite\Tunebite.exe -tray
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\TestServeur.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Serveur_Jeu.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\BitTorrent\\bittorrent.exe"=
"g:\\Stationripper\\StationRipperConsole.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\UTportable\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\Katia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"12062:TCP"= 12062:TCP:BitComet 12062 TCP
"12062:UDP"= 12062:UDP:BitComet 12062 UDP
"20061:TCP"= 20061:TCP:BitComet 20061 TCP
"20061:UDP"= 20061:UDP:BitComet 20061 UDP
"1259:TCP"= 1259:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/08/2001 13:00 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12:13 38144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/10/2010 11:37 652360]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [19/01/2012 13:17 909152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/10/2010 11:37 20464]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14:12 341504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva147;XDva147;\??\c:\windows\system32\XDva147.sys --> c:\windows\system32\XDva147.sys [?]
S3 XDva157;XDva157;\??\c:\windows\system32\XDva157.sys --> c:\windows\system32\XDva157.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva204;XDva204;\??\c:\windows\system32\XDva204.sys --> c:\windows\system32\XDva204.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
IBM_LLC2
captureservice
SQLAgent$LG_LP2
btserial
sfusvc
StkASSrv
vci
servicemgr
PciBus
mcontrol
dot4print
usbvm321
rtm
w810bus
ctljystk
GMSIPCI
hpconfig
syslogd
appdrv
kbstuff
PSDFilter
WGX
mcvsrte
tfsndrct
teefer
nimcdfxk
pduip6000dmemcrdmgr
winss
zebrmdfl
3compxe
pelmouse
wkscfgsrv
nvrd32
pensup
PCDCODEC
Tablet2k
61883
basfipm
BCMWLNPF
pdlnatcm
bt3cusb
yats32
lxcd_device
Xyz777b
snpstd2
acdservice
PTDCMdm
SNC
nsm1bus
ZTEusbser6k
NWFILTER
symevent
savrt
USB28xxBGA
c-dillacdac11ba
SfCtlCom
DellAMBrokerService
shuttleengine
_iomega_active_disk_service_
vstor2-ws60
kservice
mcusrmgr
imountsrv
HSFHWICH
toscosrv
vncmirror
spcstb
keriomailserver
mclserviceatl
quickbooksdb
mwspollserver
AVCamUSB20
USB_NDIS_51
CSRBC
giveio
tifmsony
se59unic
RSAFAL
amon
zunenetworksvc
tosrfsnd
avgarcln
netrcacm
pchost
icollectservice
3combootp
imagesrv
PBADRV
CoachVc
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
oracle_load_balancer_60_client-forms6ip9
REVO
stylexpservice
InterBaseServer
YMIDUSB
pptchpad
btwaudio
vpnva
sqlagent$soshome22
COMMONFX.DLL
utscsi
procexp90
CTSYN
aswmon2
STV680
dlaifs_m
DLARTL_M
diskeeper
CcmExec
s117bus
compbatt
lxrjd31d
mstdc
WinFl32
etoksrv
stylexphelper
pdlndlpb
w70n51
mmc_2K
foldersize
DCamUSBGrandTek
avinitnt
pktfilter
ppmoucls
netmdsb
SWUMX51
QWAVEDRV
ASNDIS5
jsdaemon
mcods
Ndisipo
SE26mdm
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:23]
.
2012-03-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
2012-03-08 c:\windows\Tasks\SpyHunter4.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2012-01-18 05:22]
.
2012-03-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-28 21:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{963B125B-8B21-49A2-A3A8-E37092276531} - c:\program files\ReImageCompanion\updatebhoWin32.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-Browser companion helper - c:\program files\BrowserCompanion\BCHelper.exe
HKU-Default-Explorer_Run-DllHst - c:\windows\System\dllhst3g.exe
Notify-avgrsstarter - (no file)
Notify-WgaLogon - (no file)
AddRemove-01FLAG2 - c:\docume~1\Katia\APPLIC~1\EXTRAS~1\anti flaw intra.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 12:13
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\windows\$NtUninstallKB40057$:SummaryInformation 0 bytes hidden from API
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\26.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Heure de fin: 2012-03-11 12:21:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-11 11:20
.
Avant-CF: 6*500*831*232 octets libres
Après-CF: 8*624*427*008 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
.
- - End Of File - - A8737C23C6904326B8BF483C322A0C3A
 
NetGear's reinstallation worked well. I'm able to connect now.

Please, let me know when I can reinstall AVG.
 
Good :)

We'll reinstall AVG when we're done with Combofix.

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

Code: 
c:\windows\$NtUninstallKB40057$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

==================================================================

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\dds_trash_log.cmd

Folder::
c:\windows\$NtUninstallKB40057$

Driver::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Internet wasn't disabled by ComboFix this time. Hope it's not of bad consequences.





GrantPerms by Farbar
Ran by Katia (administrator) at 2012-03-11 18:36:10

===============================================
\\?\c:\windows\$NtUninstallKB40057$

Owner: BUILTIN\Administrateurs

DACL(P)(AI):
BUILTIN\Administrateurs FULL ALLOW (CI)(OI)
AUTORITE NT\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Utilisateurs READ/EXECUTE ALLOW (CI)(OI)




ComboFix 12-03-10.02 - Katia 11/03/2012 18:53:59.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.730 [GMT 1:00]
Lancé depuis: c:\documents and settings\Katia\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Katia\Bureau\CFScript.txt
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB40057$\3787914794
c:\windows\$NtUninstallKB40057$ . . . . impossible à supprimer
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-11 au 2012-03-11 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-11 13:08 . 2012-03-11 13:08 -------- d-----w- C:\OEMSettings
2012-03-09 16:26 . 2012-03-09 16:26 -------- d-----w- c:\documents and settings\Katia\Application Data\SpaceMonger
2012-03-08 22:12 . 2012-03-08 22:12 -------- d-----w- c:\documents and settings\Katia\AppData
2012-03-08 22:08 . 2012-03-08 22:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVG Secure Search
2012-03-08 22:05 . 2012-03-08 22:05 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-08 22:03 . 2012-03-08 22:06 -------- d-----w- C:\sh4ldr
2012-03-08 22:03 . 2012-03-08 22:03 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 21:57 . 2012-03-08 22:05 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-08 21:43 . 2012-03-08 21:43 -------- d-----w- c:\documents and settings\Katia\Application Data\GetRightToGo
2012-03-08 12:43 . 2012-03-08 12:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-07 17:43 . 2012-03-11 09:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-07 12:20 . 2012-03-08 22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 22:54 . 2007-08-23 17:30 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-27 22:52 . 2012-02-06 17:43 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-19 18:04 . 2012-01-12 22:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-11_11.13.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-11 18:04 . 2012-03-11 18:04 16384 c:\windows\Temp\Perflib_Perfdata_4ec.dat
+ 2012-03-11 18:04 . 2012-03-11 18:04 16384 c:\windows\Temp\Perflib_Perfdata_1f0.dat
- 2010-09-29 11:52 . 2010-09-29 11:52 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut5_5396FBD88BD747F992AEF62F13D5A11D_1.exe
+ 2012-03-11 13:08 . 2012-03-11 13:08 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut5_5396FBD88BD747F992AEF62F13D5A11D_1.exe
- 2010-09-29 11:52 . 2010-09-29 11:52 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut41_5396FBD88BD747F992AEF62F13D5A11D.exe
+ 2012-03-11 13:08 . 2012-03-11 13:08 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut41_5396FBD88BD747F992AEF62F13D5A11D.exe
- 2010-09-29 11:52 . 2010-09-29 11:52 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut4_5396FBD88BD747F992AEF62F13D5A11D.exe
+ 2012-03-11 13:08 . 2012-03-11 13:08 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut4_5396FBD88BD747F992AEF62F13D5A11D.exe
+ 2012-03-11 13:08 . 2012-03-11 13:08 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut2_5396FBD88BD747F992AEF62F13D5A11D.exe
- 2010-09-29 11:52 . 2010-09-29 11:52 45056 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut2_5396FBD88BD747F992AEF62F13D5A11D.exe
- 2010-09-29 11:52 . 2010-09-29 11:52 10134 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\ARPPRODUCTICON.exe
+ 2012-03-11 13:08 . 2012-03-11 13:08 10134 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\ARPPRODUCTICON.exe
- 2009-07-20 16:20 . 2009-07-20 16:20 65536 c:\windows\inf\WG111v3\Win7X86\SetVistaDrv.exe
+ 2009-07-20 17:20 . 2009-07-20 17:20 65536 c:\windows\inf\WG111v3\Win7X86\SetVistaDrv.exe
- 2009-08-13 19:19 . 2009-08-13 19:19 73728 c:\windows\inf\WG111v3\Win7X64\SetVistaDrv64.exe
+ 2009-08-13 20:19 . 2009-08-13 20:19 73728 c:\windows\inf\WG111v3\Win7X64\SetVistaDrv64.exe
- 2006-12-15 09:30 . 2006-12-15 09:30 98304 c:\windows\inf\WG111v3\UScanM.exe
+ 2006-12-15 10:30 . 2006-12-15 10:30 98304 c:\windows\inf\WG111v3\UScanM.exe
+ 2009-04-01 08:49 . 2009-04-01 08:49 57344 c:\windows\inf\WG111v3\SetVistaDrv.exe
- 2009-04-01 07:49 . 2009-04-01 07:49 57344 c:\windows\inf\WG111v3\SetVistaDrv.exe
+ 2009-06-03 09:36 . 2009-06-03 09:36 74752 c:\windows\inf\WG111v3\SetDrv64.exe
- 2009-06-03 08:36 . 2009-06-03 08:36 74752 c:\windows\inf\WG111v3\SetDrv64.exe
- 2009-06-03 08:30 . 2009-06-03 08:30 49152 c:\windows\inf\WG111v3\SetDrv.exe
+ 2009-06-03 09:30 . 2009-06-03 09:30 49152 c:\windows\inf\WG111v3\SetDrv.exe
- 2006-12-15 09:30 . 2006-12-15 09:30 20480 c:\windows\inf\WG111v3\RTWUPath.exe
+ 2006-12-15 10:30 . 2006-12-15 10:30 20480 c:\windows\inf\WG111v3\RTWUPath.exe
- 2006-12-15 09:30 . 2006-12-15 09:30 19968 c:\windows\inf\WG111v3\RTWREFU.EXE
+ 2006-12-15 10:30 . 2006-12-15 10:30 19968 c:\windows\inf\WG111v3\RTWREFU.EXE
- 2006-03-16 06:24 . 2006-03-16 06:24 49664 c:\windows\inf\WG111v3\devcon.exe
+ 2006-03-16 07:24 . 2006-03-16 07:24 49664 c:\windows\inf\WG111v3\devcon.exe
+ 2012-03-11 13:08 . 2009-07-31 14:12 341504 c:\windows\system32\ReinstallBackups\0007\DriverFiles\wg111v3.sys
+ 2009-07-31 13:12 . 2009-07-31 14:12 341504 c:\windows\system32\drivers\wg111v3.sys
- 2009-07-31 13:12 . 2009-07-31 13:12 341504 c:\windows\system32\drivers\wg111v3.sys
+ 2008-12-12 16:57 . 2008-12-12 16:57 313856 c:\windows\inf\WG111v3\Win7X86\DIFxAPI.dll
- 2008-12-12 15:57 . 2008-12-12 15:57 313856 c:\windows\inf\WG111v3\Win7X86\DIFxAPI.dll
+ 2008-12-12 17:13 . 2008-12-12 17:13 512000 c:\windows\inf\WG111v3\Win7X64\DIFxAPI.dll
- 2008-12-12 16:13 . 2008-12-12 16:13 512000 c:\windows\inf\WG111v3\Win7X64\DIFxAPI.dll
+ 2009-07-31 14:12 . 2009-07-31 14:12 341504 c:\windows\inf\WG111v3\wg111v3.sys
- 2009-07-31 13:12 . 2009-07-31 13:12 341504 c:\windows\inf\WG111v3\wg111v3.sys
- 2006-12-15 09:30 . 2006-12-15 09:30 315392 c:\windows\inf\WG111v3\InstallDriver.exe
+ 2006-12-15 10:30 . 2006-12-15 10:30 315392 c:\windows\inf\WG111v3\InstallDriver.exe
+ 2006-12-15 10:30 . 2006-12-15 10:30 212992 c:\windows\inf\WG111v3\CopyWHQLDriver.exe
- 2006-12-15 09:30 . 2006-12-15 09:30 212992 c:\windows\inf\WG111v3\CopyWHQLDriver.exe
+ 2012-03-11 13:07 . 2012-03-11 13:07 9594368 c:\windows\Installer\38ef8a.msi
+ 2008-10-22 19:05 . 2012-03-11 17:39 2241024 c:\windows\Installer\285ec26.msi
- 2008-10-22 19:05 . 2012-03-11 01:17 2241024 c:\windows\Installer\285ec26.msi
- 2010-09-29 11:23 . 2010-09-29 11:52 2072576 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut1_5396FBD88BD747F992AEF62F13D5A11D_1.exe
+ 2010-09-29 11:23 . 2012-03-11 13:08 2072576 c:\windows\Installer\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\NewShortcut1_5396FBD88BD747F992AEF62F13D5A11D_1.exe
+ 2010-09-29 11:23 . 2012-03-11 13:07 22270976 c:\windows\Downloaded Installations\{BBDA860C-E4CC-4246-93D2-7E1E7698BB91}\NETGEAR WG111v3 wireless USB 2.0 adapter.msi
- 2010-09-29 11:23 . 2010-09-29 11:52 22270976 c:\windows\Downloaded Installations\{BBDA860C-E4CC-4246-93D2-7E1E7698BB91}\NETGEAR WG111v3 wireless USB 2.0 adapter.msi
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-19 12:17 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Akamai NetSession Interface"="c:\documents and settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-5-17 49254]
Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2012-3-11 2072576]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-2-1 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tunebite"=g:\tunebbite\Tunebite.exe -tray
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\TestServeur.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Serveur_Jeu.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\BitTorrent\\bittorrent.exe"=
"g:\\Stationripper\\StationRipperConsole.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\UTportable\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\Katia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"12062:TCP"= 12062:TCP:BitComet 12062 TCP
"12062:UDP"= 12062:UDP:BitComet 12062 UDP
"20061:TCP"= 20061:TCP:BitComet 20061 TCP
"20061:UDP"= 20061:UDP:BitComet 20061 UDP
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/08/2001 13:00 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12:13 38144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/10/2010 11:37 652360]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [19/01/2012 13:17 909152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/10/2010 11:37 20464]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14:12 341504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva147;XDva147;\??\c:\windows\system32\XDva147.sys --> c:\windows\system32\XDva147.sys [?]
S3 XDva157;XDva157;\??\c:\windows\system32\XDva157.sys --> c:\windows\system32\XDva157.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva204;XDva204;\??\c:\windows\system32\XDva204.sys --> c:\windows\system32\XDva204.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
IBM_LLC2
captureservice
SQLAgent$LG_LP2
btserial
sfusvc
StkASSrv
vci
servicemgr
PciBus
mcontrol
dot4print
usbvm321
rtm
w810bus
ctljystk
GMSIPCI
hpconfig
syslogd
appdrv
kbstuff
PSDFilter
WGX
mcvsrte
tfsndrct
teefer
nimcdfxk
pduip6000dmemcrdmgr
winss
zebrmdfl
3compxe
pelmouse
wkscfgsrv
nvrd32
pensup
PCDCODEC
Tablet2k
61883
basfipm
BCMWLNPF
pdlnatcm
bt3cusb
yats32
lxcd_device
Xyz777b
snpstd2
acdservice
PTDCMdm
SNC
nsm1bus
ZTEusbser6k
NWFILTER
symevent
savrt
USB28xxBGA
c-dillacdac11ba
SfCtlCom
DellAMBrokerService
shuttleengine
_iomega_active_disk_service_
vstor2-ws60
kservice
mcusrmgr
imountsrv
HSFHWICH
toscosrv
vncmirror
spcstb
keriomailserver
mclserviceatl
quickbooksdb
mwspollserver
AVCamUSB20
USB_NDIS_51
CSRBC
giveio
tifmsony
se59unic
RSAFAL
amon
zunenetworksvc
tosrfsnd
avgarcln
netrcacm
pchost
icollectservice
3combootp
imagesrv
PBADRV
CoachVc
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
oracle_load_balancer_60_client-forms6ip9
REVO
stylexpservice
InterBaseServer
YMIDUSB
pptchpad
btwaudio
vpnva
sqlagent$soshome22
COMMONFX.DLL
utscsi
procexp90
CTSYN
aswmon2
STV680
dlaifs_m
DLARTL_M
diskeeper
CcmExec
s117bus
compbatt
lxrjd31d
mstdc
WinFl32
etoksrv
stylexphelper
pdlndlpb
w70n51
mmc_2K
foldersize
DCamUSBGrandTek
avinitnt
pktfilter
ppmoucls
netmdsb
SWUMX51
QWAVEDRV
ASNDIS5
jsdaemon
mcods
Ndisipo
SE26mdm
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:23]
.
2012-03-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
2012-03-08 c:\windows\Tasks\SpyHunter4.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2012-01-18 05:22]
.
2012-03-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-28 21:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 19:05
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\26.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2012-03-11 19:10:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-11 18:10
ComboFix2.txt 2012-03-11 11:21
.
Avant-CF: 8*561*602*560 octets libres
Après-CF: 8*571*547*648 octets libres
.
- - End Of File - - C8404EBF320442913E22FDC4FDFBEF41
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\dds_trash_log.cmd

Folder::
c:\windows\$NtUninstallKB40057$
c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP

NetSvc::
Xyz777b

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-03-10.02 - Katia 11/03/2012 20:08:29.3.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.727 [GMT 1:00]
Lancé depuis: c:\documents and settings\Katia\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Katia\Bureau\CFScript.txt
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-11 au 2012-03-11 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-11 13:08 . 2012-03-11 13:08 -------- d-----w- C:\OEMSettings
2012-03-09 16:26 . 2012-03-09 16:26 -------- d-----w- c:\documents and settings\Katia\Application Data\SpaceMonger
2012-03-08 22:12 . 2012-03-08 22:12 -------- d-----w- c:\documents and settings\Katia\AppData
2012-03-08 22:08 . 2012-03-08 22:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVG Secure Search
2012-03-08 22:05 . 2012-03-08 22:05 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-08 22:03 . 2012-03-08 22:06 -------- d-----w- C:\sh4ldr
2012-03-08 22:03 . 2012-03-08 22:03 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 21:43 . 2012-03-08 21:43 -------- d-----w- c:\documents and settings\Katia\Application Data\GetRightToGo
2012-03-08 12:43 . 2012-03-08 12:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-07 17:43 . 2012-03-11 09:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-07 12:20 . 2012-03-08 22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 22:54 . 2007-08-23 17:30 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-27 22:52 . 2012-02-06 17:43 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-19 18:04 . 2012-01-12 22:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_18.05.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-11 19:05 . 2012-03-11 19:05 16384 c:\windows\Temp\Perflib_Perfdata_c4.dat
+ 2012-03-11 19:05 . 2012-03-11 19:05 16384 c:\windows\Temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-19 12:17 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Akamai NetSession Interface"="c:\documents and settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-5-17 49254]
Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2012-3-11 2072576]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-2-1 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tunebite"=g:\tunebbite\Tunebite.exe -tray
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\TestServeur.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Serveur_Jeu.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\BitTorrent\\bittorrent.exe"=
"g:\\Stationripper\\StationRipperConsole.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\UTportable\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\Katia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"12062:TCP"= 12062:TCP:BitComet 12062 TCP
"12062:UDP"= 12062:UDP:BitComet 12062 UDP
"20061:TCP"= 20061:TCP:BitComet 20061 TCP
"20061:UDP"= 20061:UDP:BitComet 20061 UDP
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/08/2001 13:00 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12:13 38144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/10/2010 11:37 652360]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [19/01/2012 13:17 909152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/10/2010 11:37 20464]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14:12 341504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva147;XDva147;\??\c:\windows\system32\XDva147.sys --> c:\windows\system32\XDva147.sys [?]
S3 XDva157;XDva157;\??\c:\windows\system32\XDva157.sys --> c:\windows\system32\XDva157.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva204;XDva204;\??\c:\windows\system32\XDva204.sys --> c:\windows\system32\XDva204.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
IBM_LLC2
captureservice
SQLAgent$LG_LP2
btserial
sfusvc
StkASSrv
vci
servicemgr
PciBus
mcontrol
dot4print
usbvm321
rtm
w810bus
ctljystk
GMSIPCI
hpconfig
syslogd
appdrv
kbstuff
PSDFilter
WGX
mcvsrte
tfsndrct
teefer
nimcdfxk
pduip6000dmemcrdmgr
winss
zebrmdfl
3compxe
pelmouse
wkscfgsrv
nvrd32
pensup
PCDCODEC
Tablet2k
61883
basfipm
BCMWLNPF
pdlnatcm
bt3cusb
yats32
lxcd_device
snpstd2
acdservice
PTDCMdm
SNC
nsm1bus
ZTEusbser6k
NWFILTER
symevent
savrt
USB28xxBGA
c-dillacdac11ba
SfCtlCom
DellAMBrokerService
shuttleengine
_iomega_active_disk_service_
vstor2-ws60
kservice
mcusrmgr
imountsrv
HSFHWICH
toscosrv
vncmirror
spcstb
keriomailserver
mclserviceatl
quickbooksdb
mwspollserver
AVCamUSB20
USB_NDIS_51
CSRBC
giveio
tifmsony
se59unic
RSAFAL
amon
zunenetworksvc
tosrfsnd
avgarcln
netrcacm
pchost
icollectservice
3combootp
imagesrv
PBADRV
CoachVc
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
oracle_load_balancer_60_client-forms6ip9
REVO
stylexpservice
InterBaseServer
YMIDUSB
pptchpad
btwaudio
vpnva
sqlagent$soshome22
COMMONFX.DLL
utscsi
procexp90
CTSYN
aswmon2
STV680
dlaifs_m
DLARTL_M
diskeeper
CcmExec
s117bus
compbatt
lxrjd31d
mstdc
WinFl32
etoksrv
stylexphelper
pdlndlpb
w70n51
mmc_2K
foldersize
DCamUSBGrandTek
avinitnt
pktfilter
ppmoucls
netmdsb
SWUMX51
QWAVEDRV
ASNDIS5
jsdaemon
mcods
Ndisipo
SE26mdm
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:23]
.
2012-03-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
2012-03-08 c:\windows\Tasks\SpyHunter4.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2012-01-18 05:22]
.
2012-03-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-28 21:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 20:17
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\26.tmp"
.
Heure de fin: 2012-03-11 20:19:53
ComboFix-quarantined-files.txt 2012-03-11 19:19
ComboFix2.txt 2012-03-11 18:10
ComboFix3.txt 2012-03-11 11:21
.
Avant-CF: 8*564*666*368 octets libres
Après-CF: 8*570*384*384 octets libres
.
- - End Of File - - 3A84E5ABC0ED1FAFDF4E4C7BA360EC23
 
Good.
We're getting there....

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\dds_trash_log.cmd

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-03-10.02 - Katia 11/03/2012 22:09:55.4.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.717 [GMT 1:00]
Lancé depuis: c:\documents and settings\Katia\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Katia\Bureau\CFScript.txt
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-11 au 2012-03-11 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-11 13:08 . 2012-03-11 13:08 -------- d-----w- C:\OEMSettings
2012-03-09 16:26 . 2012-03-09 16:26 -------- d-----w- c:\documents and settings\Katia\Application Data\SpaceMonger
2012-03-08 22:12 . 2012-03-08 22:12 -------- d-----w- c:\documents and settings\Katia\AppData
2012-03-08 22:08 . 2012-03-08 22:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVG Secure Search
2012-03-08 22:05 . 2012-03-08 22:05 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-08 22:03 . 2012-03-08 22:06 -------- d-----w- C:\sh4ldr
2012-03-08 22:03 . 2012-03-08 22:03 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 21:43 . 2012-03-08 21:43 -------- d-----w- c:\documents and settings\Katia\Application Data\GetRightToGo
2012-03-08 12:43 . 2012-03-08 12:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-07 17:43 . 2012-03-11 09:38 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-07 12:20 . 2012-03-08 22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 22:54 . 2007-08-23 17:30 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-27 22:52 . 2012-02-06 17:43 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-19 18:04 . 2012-01-12 22:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_18.05.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-11 21:08 . 2012-03-11 21:08 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
+ 2012-03-11 21:08 . 2012-03-11 21:08 16384 c:\windows\Temp\Perflib_Perfdata_1ec.dat
+ 2008-10-22 19:05 . 2012-03-11 19:57 2241024 c:\windows\Installer\285ec26.msi
- 2008-10-22 19:05 . 2012-03-11 17:39 2241024 c:\windows\Installer\285ec26.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-19 12:17 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-19 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Akamai NetSession Interface"="c:\documents and settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-5-17 49254]
Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2012-3-11 2072576]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-2-1 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tunebite"=g:\tunebbite\Tunebite.exe -tray
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\TestServeur.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Serveur_Jeu.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\BitTorrent\\bittorrent.exe"=
"g:\\Stationripper\\StationRipperConsole.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\UTportable\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\Katia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"12062:TCP"= 12062:TCP:BitComet 12062 TCP
"12062:UDP"= 12062:UDP:BitComet 12062 UDP
"20061:TCP"= 20061:TCP:BitComet 20061 TCP
"20061:UDP"= 20061:UDP:BitComet 20061 UDP
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/08/2001 13:00 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12:13 38144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/10/2010 11:37 652360]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [19/01/2012 13:17 909152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/10/2010 11:37 20464]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14:12 341504]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]
S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys --> c:\windows\system32\XDva019.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva068;XDva068;\??\c:\windows\system32\XDva068.sys --> c:\windows\system32\XDva068.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva147;XDva147;\??\c:\windows\system32\XDva147.sys --> c:\windows\system32\XDva147.sys [?]
S3 XDva157;XDva157;\??\c:\windows\system32\XDva157.sys --> c:\windows\system32\XDva157.sys [?]
S3 XDva182;XDva182;\??\c:\windows\system32\XDva182.sys --> c:\windows\system32\XDva182.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S3 XDva204;XDva204;\??\c:\windows\system32\XDva204.sys --> c:\windows\system32\XDva204.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
IBM_LLC2
captureservice
SQLAgent$LG_LP2
btserial
sfusvc
StkASSrv
vci
servicemgr
PciBus
mcontrol
dot4print
usbvm321
rtm
w810bus
ctljystk
GMSIPCI
hpconfig
syslogd
appdrv
kbstuff
PSDFilter
WGX
mcvsrte
tfsndrct
teefer
nimcdfxk
pduip6000dmemcrdmgr
winss
zebrmdfl
3compxe
pelmouse
wkscfgsrv
nvrd32
pensup
PCDCODEC
Tablet2k
61883
basfipm
BCMWLNPF
pdlnatcm
bt3cusb
yats32
lxcd_device
snpstd2
acdservice
PTDCMdm
SNC
nsm1bus
ZTEusbser6k
NWFILTER
symevent
savrt
USB28xxBGA
c-dillacdac11ba
SfCtlCom
DellAMBrokerService
shuttleengine
_iomega_active_disk_service_
vstor2-ws60
kservice
mcusrmgr
imountsrv
HSFHWICH
toscosrv
vncmirror
spcstb
keriomailserver
mclserviceatl
quickbooksdb
mwspollserver
AVCamUSB20
USB_NDIS_51
CSRBC
giveio
tifmsony
se59unic
RSAFAL
amon
zunenetworksvc
tosrfsnd
avgarcln
netrcacm
pchost
icollectservice
3combootp
imagesrv
PBADRV
CoachVc
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
oracle_load_balancer_60_client-forms6ip9
REVO
stylexpservice
InterBaseServer
YMIDUSB
pptchpad
btwaudio
vpnva
sqlagent$soshome22
COMMONFX.DLL
utscsi
procexp90
CTSYN
aswmon2
STV680
dlaifs_m
DLARTL_M
diskeeper
CcmExec
s117bus
compbatt
lxrjd31d
mstdc
WinFl32
etoksrv
stylexphelper
pdlndlpb
w70n51
mmc_2K
foldersize
DCamUSBGrandTek
avinitnt
pktfilter
ppmoucls
netmdsb
SWUMX51
QWAVEDRV
ASNDIS5
jsdaemon
mcods
Ndisipo
SE26mdm
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:23]
.
2012-03-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 16:29]
.
2012-03-08 c:\windows\Tasks\SpyHunter4.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2012-01-18 05:22]
.
2012-03-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-28 21:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 22:18
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\26.tmp"
.
Heure de fin: 2012-03-11 22:21:19
ComboFix-quarantined-files.txt 2012-03-11 21:21
ComboFix2.txt 2012-03-11 19:19
ComboFix3.txt 2012-03-11 18:10
ComboFix4.txt 2012-03-11 11:21
.
Avant-CF: 8*564*371*456 octets libres
Après-CF: 8*570*703*872 octets libres
.
- - End Of File - - DDB62F6152724952A766DBCF8F53F12D
 
How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
It's doing well.
No more unwanted reboots and pop-ups, recovered its average speed and stability.
Maybe it's even better than before.





OTL logfile created on: 11/03/2012 23:13:04 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Katia\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959,48 Mb Total Physical Memory | 526,52 Mb Available Physical Memory | 54,88% Memory free
1,14 Gb Paging File | 0,87 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 8,01 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
Drive D: | 56,79 Gb Total Space | 40,42 Gb Free Space | 71,18% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 76,71 Gb Free Space | 16,47% Space Free | Partition Type: NTFS

Computer Name: KAT | User Name: Katia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 23:08:45 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katia\Bureau\OTL.exe
PRC - [2012/01/19 13:17:39 | 000,909,152 | ---- | M] () -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/19 11:33:26 | 007,663,683 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/10 20:36:02 | 003,340,064 | ---- | M] () -- c:\Program Files\Fichiers communs\Akamai\netsession_win_7de0ed9.dll
MOD - [2012/01/19 13:17:39 | 000,909,152 | ---- | M] () -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2004/12/26 23:00:00 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/08/19 17:09:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (zunenetworksvc)
SRV - File not found [Auto | Stopped] -- -- (ZTEusbser6k)
SRV - File not found [Auto | Stopped] -- -- (zebrmdfl)
SRV - File not found [Auto | Stopped] -- -- (YMIDUSB)
SRV - File not found [Auto | Stopped] -- -- (yats32)
SRV - File not found [Auto | Stopped] -- -- (Xyz777b)
SRV - File not found [Auto | Stopped] -- -- (wkscfgsrv)
SRV - File not found [Auto | Stopped] -- -- (winss)
SRV - File not found [Auto | Stopped] -- -- (WinFl32)
SRV - File not found [Auto | Stopped] -- -- (WGX)
SRV - File not found [Auto | Stopped] -- -- (w810bus)
SRV - File not found [Auto | Stopped] -- -- (w70n51)
SRV - File not found [Auto | Stopped] -- -- (vstor2-ws60)
SRV - File not found [Auto | Stopped] -- -- (vpnva)
SRV - File not found [Auto | Stopped] -- -- (vncmirror)
SRV - File not found [Auto | Stopped] -- -- (vci)
SRV - File not found [Auto | Stopped] -- -- (utscsi)
SRV - File not found [Auto | Stopped] -- -- (usbvm321)
SRV - File not found [Auto | Stopped] -- -- (USB28xxBGA)
SRV - File not found [Auto | Stopped] -- -- (USB_NDIS_51)
SRV - File not found [Auto | Stopped] -- -- (tosrfsnd)
SRV - File not found [Auto | Stopped] -- -- (toscosrv)
SRV - File not found [Auto | Stopped] -- -- (tifmsony)
SRV - File not found [Auto | Stopped] -- -- (tfsndrct)
SRV - File not found [Auto | Stopped] -- -- (teefer)
SRV - File not found [Auto | Stopped] -- -- (Tablet2k)
SRV - File not found [Auto | Stopped] -- -- (syslogd)
SRV - File not found [Auto | Stopped] -- -- (symevent)
SRV - File not found [Auto | Stopped] -- -- (SWUMX51)
SRV - File not found [Auto | Stopped] -- -- (stylexpservice)
SRV - File not found [Auto | Stopped] -- -- (stylexphelper)
SRV - File not found [Auto | Stopped] -- -- (STV680)
SRV - File not found [Auto | Stopped] -- -- (StkASSrv)
SRV - File not found [Auto | Stopped] -- -- (sqlagent$soshome22)
SRV - File not found [Auto | Stopped] -- -- (SQLAgent$LG_LP2)
SRV - File not found [Auto | Stopped] -- -- (snpstd2)
SRV - File not found [Auto | Stopped] -- -- (SNC)
SRV - File not found [Auto | Stopped] -- -- (shuttleengine)
SRV - File not found [Auto | Stopped] -- -- (sfusvc)
SRV - File not found [Auto | Stopped] -- -- (SfCtlCom)
SRV - File not found [Auto | Stopped] -- -- (servicemgr)
SRV - File not found [Auto | Stopped] -- -- (se59unic)
SRV - File not found [Auto | Stopped] -- -- (SE26mdm)
SRV - File not found [Auto | Stopped] -- -- (savrt)
SRV - File not found [Auto | Stopped] -- -- (s117bus)
SRV - File not found [Auto | Stopped] -- -- (rtm)
SRV - File not found [Auto | Stopped] -- -- (RSAFAL)
SRV - File not found [Auto | Stopped] -- -- (REVO)
SRV - File not found [Auto | Stopped] -- -- (QWAVEDRV)
SRV - File not found [Auto | Stopped] -- -- (quickbooksdb)
SRV - File not found [Auto | Stopped] -- -- (PTDCMdm)
SRV - File not found [Auto | Stopped] -- -- (PSDFilter)
SRV - File not found [Auto | Stopped] -- -- (procexp90)
SRV - File not found [Auto | Stopped] -- -- (pptchpad)
SRV - File not found [Auto | Stopped] -- -- (ppmoucls)
SRV - File not found [Auto | Stopped] -- -- (pktfilter)
SRV - File not found [Auto | Stopped] -- -- (pensup)
SRV - File not found [Auto | Stopped] -- -- (pduip6000dmemcrdmgr)
SRV - File not found [Auto | Stopped] -- -- (pdlndlpb)
SRV - File not found [Auto | Stopped] -- -- (pdlnatcm)
SRV - File not found [Auto | Stopped] -- -- (PciBus)
SRV - File not found [Auto | Stopped] -- -- (pchost)
SRV - File not found [Auto | Stopped] -- -- (PCDCODEC)
SRV - File not found [Auto | Stopped] -- -- (PBADRV)
SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_client-forms6ip9)
SRV - File not found [Auto | Stopped] -- -- (NWFILTER)
SRV - File not found [Auto | Stopped] -- -- (nvrd32)
SRV - File not found [Auto | Stopped] -- -- (nsm1bus)
SRV - File not found [Auto | Stopped] -- -- (nimcdfxk)
SRV - File not found [Auto | Stopped] -- -- (netrcacm)
SRV - File not found [Auto | Stopped] -- -- (netmdsb)
SRV - File not found [Auto | Stopped] -- -- (Ndisipo)
SRV - File not found [Auto | Stopped] -- -- (mwspollserver)
SRV - File not found [Auto | Stopped] -- -- (mstdc)
SRV - File not found [Auto | Stopped] -- -- (mmc_2K)
SRV - File not found [Auto | Stopped] -- -- (mcvsrte)
SRV - File not found [Auto | Stopped] -- -- (mcusrmgr)
SRV - File not found [Auto | Stopped] -- -- (mcontrol)
SRV - File not found [Auto | Stopped] -- -- (mcods)
SRV - File not found [Auto | Stopped] -- -- (mclserviceatl)
SRV - File not found [Auto | Stopped] -- -- (lxrjd31d)
SRV - File not found [Auto | Stopped] -- -- (lxcd_device)
SRV - File not found [Auto | Stopped] -- -- (kservice)
SRV - File not found [Auto | Stopped] -- -- (keriomailserver)
SRV - File not found [Auto | Stopped] -- -- (kbstuff)
SRV - File not found [Auto | Stopped] -- -- (jsdaemon)
SRV - File not found [Auto | Stopped] -- -- (InterBaseServer)
SRV - File not found [Auto | Stopped] -- -- (imountsrv)
SRV - File not found [Auto | Stopped] -- -- (imagesrv)
SRV - File not found [Auto | Stopped] -- -- (icollectservice)
SRV - File not found [Auto | Stopped] -- -- (IBM_LLC2)
SRV - File not found [Auto | Stopped] -- -- (HSFHWICH)
SRV - File not found [Auto | Stopped] -- -- (hpconfig)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (GMSIPCI)
SRV - File not found [Auto | Stopped] -- -- (giveio)
SRV - File not found [Auto | Stopped] -- -- (foldersize)
SRV - File not found [Auto | Stopped] -- -- (etoksrv)
SRV - File not found [Auto | Stopped] -- -- (dot4print)
SRV - File not found [Auto | Stopped] -- -- (DLARTL_M)
SRV - File not found [Auto | Stopped] -- -- (dlaifs_m)
SRV - File not found [Auto | Stopped] -- -- (diskeeper)
SRV - File not found [Auto | Stopped] -- -- (DellAMBrokerService)
SRV - File not found [Auto | Stopped] -- -- (DCamUSBGrandTek)
SRV - File not found [Auto | Stopped] -- -- (CTSYN)
SRV - File not found [Auto | Stopped] -- -- (ctljystk)
SRV - File not found [Auto | Stopped] -- -- (CSRBC)
SRV - File not found [Auto | Stopped] -- -- (compbatt)
SRV - File not found [Auto | Stopped] -- -- (COMMONFX.DLL)
SRV - File not found [Auto | Stopped] -- -- (CoachVc)
SRV - File not found [Auto | Stopped] -- -- (c-dillacdac11ba)
SRV - File not found [Auto | Stopped] -- -- (CcmExec)
SRV - File not found [Auto | Stopped] -- -- (captureservice)
SRV - File not found [Auto | Stopped] -- -- (btwaudio)
SRV - File not found [Auto | Stopped] -- -- (btserial)
SRV - File not found [Auto | Stopped] -- -- (bt3cusb)
SRV - File not found [Auto | Stopped] -- -- (BCMWLNPF)
SRV - File not found [Auto | Stopped] -- -- (basfipm)
SRV - File not found [Auto | Stopped] -- -- (avinitnt)
SRV - File not found [Auto | Stopped] -- -- (avgarcln)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - File not found [Auto | Stopped] -- -- (AVCamUSB20)
SRV - File not found [Auto | Stopped] -- -- (aswmon2)
SRV - File not found [Auto | Stopped] -- -- (ASNDIS5)
SRV - File not found [Auto | Stopped] -- -- (appdrv)
SRV - File not found [Auto | Stopped] -- -- (amon)
SRV - File not found [Auto | Stopped] -- -- (acdservice)
SRV - File not found [Auto | Stopped] -- -- (61883)
SRV - File not found [Auto | Stopped] -- -- (3compxe)
SRV - File not found [Auto | Stopped] -- -- (3combootp)
SRV - File not found [Auto | Stopped] -- -- ({a7447300-8075-4b0d-83f1-3d75c8ebc623})
SRV - File not found [Auto | Stopped] -- -- (_iomega_active_disk_service_)
SRV - [2012/02/10 20:36:02 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/19 13:17:39 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012/01/18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/01 22:29:43 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/05/29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva204)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva186)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva182)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva157)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva147)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva092)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva068)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva031)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva019)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (CrystalSysInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acmr0xmm)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2009/07/31 15:12:18 | 000,341,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2008/05/06 07:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (Aspi32)
DRV - [2008/04/13 20:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/03/20 20:00:50 | 000,323,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2008/03/20 19:22:14 | 000,018,944 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/12/11 08:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2006/08/16 11:37:30 | 000,225,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2005/11/03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005/08/10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2002/07/10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/08/28 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/28 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2542115
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14979&src=crm&q={searchTerms}&locale=fr_FR
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60341
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={FD324054-D94F-4167-9D18-A8666038326C}&mid=924c933162059aa7630805c6b9822dff-06ce4fc639803a2e3563922518183d8e94088cb9&lang=us&ds=AVG&pr=fr&d=2011-11-28 18:45:18&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849852
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3
FF - prefs.js..extensions.enabledItems: {4daac69c-cba7-45e2-9bc8-1044483d3352}:3.2.1.3
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/19 13:18:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/19 19:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/25 13:03:52 | 000,000,000 | ---D | M]

[2010/01/26 02:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Extensions
[2012/03/10 11:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\extensions
[2012/03/10 11:37:02 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2012/03/07 13:17:43 | 000,000,000 | ---D | M] (Softonic_France Community Toolbar) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
[2012/03/10 11:37:13 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2012/03/08 23:12:39 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\extensions\bbrs_006@blabbers.com
[2011/06/10 13:26:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\extensions\engine@conduit.com
[2011/11/10 19:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\KATIA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AO9K5KDV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/07/25 13:03:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/19 19:04:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/01/23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/25 13:03:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/01/12 23:31:53 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/01/19 13:17:23 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/12 23:31:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/12 23:31:53 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/01/12 23:31:52 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/01/12 23:31:52 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/01/12 23:31:52 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/03/11 20:16:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1275210071-484061587-725345543-1004..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1275210071-484061587-725345543-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant SMART WIZARD NETGEAR pour WG111v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..Trusted Domains: ([]msn in Poste de travail)
O15 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..Trusted Domains: internet ([]about in Intranet local)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{959FE6FC-D1EC-47FE-BB50-CAA3FF8E1F34}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/09 21:57:02 | 000,000,056 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: IBM_LLC2 - File not found
NetSvcs: captureservice - File not found
NetSvcs: SQLAgent$LG_LP2 - File not found
NetSvcs: btserial - File not found
NetSvcs: sfusvc - File not found
NetSvcs: StkASSrv - File not found
NetSvcs: vci - File not found
NetSvcs: servicemgr - File not found
NetSvcs: PciBus - File not found
NetSvcs: mcontrol - File not found
NetSvcs: dot4print - File not found
NetSvcs: usbvm321 - File not found
NetSvcs: rtm - File not found
NetSvcs: w810bus - File not found
NetSvcs: ctljystk - File not found
NetSvcs: GMSIPCI - File not found
NetSvcs: hpconfig - File not found
NetSvcs: syslogd - File not found
NetSvcs: appdrv - File not found
NetSvcs: kbstuff - File not found
NetSvcs: PSDFilter - File not found
NetSvcs: WGX - File not found
NetSvcs: mcvsrte - File not found
NetSvcs: tfsndrct - File not found
NetSvcs: teefer - File not found
NetSvcs: nimcdfxk - File not found
NetSvcs: pduip6000dmemcrdmgr - File not found
NetSvcs: winss - File not found
NetSvcs: zebrmdfl - File not found
NetSvcs: 3compxe - File not found
NetSvcs: pelmouse - File not found
NetSvcs: wkscfgsrv - File not found
NetSvcs: nvrd32 - File not found
NetSvcs: pensup - File not found
NetSvcs: PCDCODEC - File not found
NetSvcs: Tablet2k - File not found
NetSvcs: 61883 - File not found
NetSvcs: basfipm - File not found
NetSvcs: BCMWLNPF - File not found
NetSvcs: pdlnatcm - File not found
NetSvcs: bt3cusb - File not found
NetSvcs: yats32 - File not found
NetSvcs: lxcd_device - File not found
NetSvcs: snpstd2 - File not found
NetSvcs: acdservice - File not found
NetSvcs: PTDCMdm - File not found
NetSvcs: SNC - File not found
NetSvcs: nsm1bus - File not found
NetSvcs: ZTEusbser6k - File not found
NetSvcs: NWFILTER - File not found
NetSvcs: symevent - File not found
NetSvcs: savrt - File not found
NetSvcs: USB28xxBGA - File not found
NetSvcs: c-dillacdac11ba - File not found
NetSvcs: SfCtlCom - File not found
NetSvcs: DellAMBrokerService - File not found
NetSvcs: shuttleengine - File not found
NetSvcs: _iomega_active_disk_service_ - File not found
NetSvcs: vstor2-ws60 - File not found
NetSvcs: kservice - File not found
NetSvcs: mcusrmgr - File not found
NetSvcs: imountsrv - File not found
NetSvcs: HSFHWICH - File not found
NetSvcs: toscosrv - File not found
NetSvcs: vncmirror - File not found
NetSvcs: spcstb - File not found
NetSvcs: keriomailserver - File not found
NetSvcs: mclserviceatl - File not found
NetSvcs: quickbooksdb - File not found
NetSvcs: mwspollserver - File not found
NetSvcs: AVCamUSB20 - File not found
NetSvcs: USB_NDIS_51 - File not found
NetSvcs: CSRBC - File not found
NetSvcs: giveio - File not found
NetSvcs: tifmsony - File not found
NetSvcs: se59unic - File not found
NetSvcs: RSAFAL - File not found
NetSvcs: amon - File not found
NetSvcs: zunenetworksvc - File not found
NetSvcs: tosrfsnd - File not found
NetSvcs: avgarcln - File not found
NetSvcs: netrcacm - File not found
NetSvcs: pchost - File not found
NetSvcs: icollectservice - File not found
NetSvcs: 3combootp - File not found
NetSvcs: imagesrv - File not found
NetSvcs: PBADRV - File not found
NetSvcs: CoachVc - File not found
NetSvcs: {a7447300-8075-4b0d-83f1-3d75c8ebc623} - File not found
NetSvcs: oracle_load_balancer_60_client-forms6ip9 - File not found
NetSvcs: REVO - File not found
NetSvcs: stylexpservice - File not found
NetSvcs: InterBaseServer - File not found
NetSvcs: YMIDUSB - File not found
NetSvcs: pptchpad - File not found
NetSvcs: btwaudio - File not found
NetSvcs: vpnva - File not found
NetSvcs: sqlagent$soshome22 - File not found
NetSvcs: COMMONFX.DLL - File not found
NetSvcs: utscsi - File not found
NetSvcs: procexp90 - File not found
NetSvcs: CTSYN - File not found
NetSvcs: aswmon2 - File not found
NetSvcs: STV680 - File not found
NetSvcs: dlaifs_m - File not found
NetSvcs: DLARTL_M - File not found
NetSvcs: diskeeper - File not found
NetSvcs: CcmExec - File not found
NetSvcs: s117bus - File not found
NetSvcs: compbatt - File not found
NetSvcs: lxrjd31d - File not found
NetSvcs: mstdc - File not found
NetSvcs: WinFl32 - File not found
NetSvcs: etoksrv - File not found
NetSvcs: stylexphelper - File not found
NetSvcs: pdlndlpb - File not found
NetSvcs: w70n51 - File not found
NetSvcs: mmc_2K - File not found
NetSvcs: foldersize - File not found
NetSvcs: DCamUSBGrandTek - File not found
NetSvcs: avinitnt - File not found
NetSvcs: pktfilter - File not found
NetSvcs: ppmoucls - File not found
NetSvcs: netmdsb - File not found
NetSvcs: SWUMX51 - File not found
NetSvcs: QWAVEDRV - File not found
NetSvcs: ASNDIS5 - File not found
NetSvcs: jsdaemon - File not found
NetSvcs: mcods - File not found
NetSvcs: Ndisipo - File not found
NetSvcs: SE26mdm - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\LameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 23:08:23 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Katia\Bureau\OTL.exe
[2012/03/11 23:05:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/11 18:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\Bureau\GrantPerms
[2012/03/11 14:08:50 | 000,000,000 | ---D | C] -- C:\OEMSettings
[2012/03/11 14:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Assistant Smart Wizard NETGEAR pour WG111v3
[2012/03/11 11:43:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/11 11:26:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/11 11:26:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/11 11:26:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/11 11:26:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/11 11:26:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/11 11:26:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/11 11:02:18 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Katia\Bureau\AppRemover.exe
[2012/03/11 10:56:06 | 004,432,490 | R--- | C] (Swearware) -- C:\Documents and Settings\Katia\Bureau\ComboFix.exe
[2012/03/11 00:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\Bureau\TDSSKiller
[2012/03/10 22:43:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes images
[2012/03/09 17:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SpaceMonger
[2012/03/09 17:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\Application Data\SpaceMonger
[2012/03/08 23:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\AppData
[2012/03/08 23:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AVG Secure Search
[2012/03/08 23:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\Menu Démarrer\Programmes\SpyHunter
[2012/03/08 23:03:27 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/08 23:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/08 22:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\Application Data\GetRightToGo
[2012/03/08 12:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/08 12:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/07 17:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Katia\Bureau\Freak Bro
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2018/09/11 06:31:02 | 001,991,547 | ---- | M] () -- C:\WINDOWS\System32\World.sfc
[2012/03/11 23:08:45 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Katia\Bureau\OTL.exe
[2012/03/11 23:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/11 22:38:45 | 000,187,392 | ---- | M] () -- C:\Documents and Settings\Katia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/11 22:07:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/03/11 22:07:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/11 20:16:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/11 18:32:53 | 000,450,985 | ---- | M] () -- C:\Documents and Settings\Katia\Bureau\GrantPerms.zip
[2012/03/11 18:29:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/11 14:07:58 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant SMART WIZARD NETGEAR pour WG111v3.lnk
[2012/03/11 14:07:58 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Assistant SMART WIZARD NETGEAR pour WG111v3.lnk
[2012/03/11 11:43:32 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/03/11 11:13:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 11:04:05 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Katia\Bureau\AppRemover.exe
[2012/03/11 10:57:59 | 004,432,490 | R--- | M] (Swearware) -- C:\Documents and Settings\Katia\Bureau\ComboFix.exe
[2012/03/11 10:38:52 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/10 01:43:41 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Katia\Bureau\Raccourci vers Content.IE5.lnk
[2012/03/09 17:26:36 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\wnsm2i.rdb
[2012/03/09 00:04:08 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SpyHunter4.job
[2012/03/08 23:18:22 | 000,000,286 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2012/03/08 23:04:55 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\Katia\Bureau\SpyHunter.lnk
[2012/03/07 17:46:46 | 000,000,106 | ---- | M] () -- C:\WINDOWS\QTW.INI
[2012/03/06 14:32:54 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2012/03/04 15:30:19 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\Katia\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/03/04 15:30:19 | 000,000,454 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk
[2012/02/11 15:01:11 | 000,000,186 | ---- | M] () -- C:\Documents and Settings\Katia\Bureau\tunein-station.pls
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========

[2012/03/11 18:32:48 | 000,450,985 | ---- | C] () -- C:\Documents and Settings\Katia\Bureau\GrantPerms.zip
[2012/03/11 14:07:58 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant SMART WIZARD NETGEAR pour WG111v3.lnk
[2012/03/11 14:07:58 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Assistant SMART WIZARD NETGEAR pour WG111v3.lnk
[2012/03/11 11:43:32 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/03/11 11:43:22 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2012/03/11 11:26:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/11 11:26:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/11 11:26:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/11 11:26:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/11 11:26:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/10 01:43:41 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Katia\Bureau\Raccourci vers Content.IE5.lnk
[2012/03/09 17:26:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\wnsm2i.rdb
[2012/03/09 00:04:01 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\SpyHunter4.job
[2012/03/08 23:16:11 | 000,000,286 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2012/03/08 23:04:55 | 000,001,973 | ---- | C] () -- C:\Documents and Settings\Katia\Bureau\SpyHunter.lnk
[2012/03/07 18:43:17 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/03/04 15:30:19 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\Katia\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2012/03/04 15:30:19 | 000,000,454 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitTorrent.lnk
[2011/11/22 19:15:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/04/24 15:39:45 | 000,370,176 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2011/04/24 15:39:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/24 15:39:35 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/24 14:59:24 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2011/03/20 17:33:25 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2010/11/14 23:23:57 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Katia\Local Settings\Application Data\PUTTY.RND
[2010/11/14 23:16:24 | 000,000,808 | ---- | C] () -- C:\WINDOWS\GMudSVgw.INI
[2010/10/12 12:39:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\Index.ini
[2010/09/19 10:32:21 | 001,537,024 | ---- | C] () -- C:\Documents and Settings\Katia\Application Data\questdb.v12
[2010/09/19 10:32:21 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Katia\Application Data\CDRusersDB.v12

========== LOP Check ==========

[2009/09/21 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoClic
[2012/01/19 13:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2008/03/17 23:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010/01/27 14:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/11/28 18:45:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/09/02 15:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MetaCafe
[2006/10/18 15:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/22 19:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/05/31 02:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2010/02/06 12:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2007/03/02 03:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/01/30 18:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Steinberg
[2006/07/18 01:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Beep
[2012/03/11 22:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\BitTorrent
[2009/01/05 00:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Blender Foundation
[2012/02/06 17:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Broad Intelligence
[2010/01/27 14:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Canneverbe_Limited
[2012/01/01 02:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Cocoon Software
[2008/05/15 21:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\DAEMON Tools
[2009/11/26 08:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\DMCache
[2007/04/23 23:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\fltk.org
[2012/03/08 22:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\GetRightToGo
[2009/05/17 20:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\InterTrust
[2010/06/05 21:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\KC Softwares
[2006/11/06 16:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Magic Match
[2009/02/06 00:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\MWSE
[2011/04/24 15:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\NeoDivX2008
[2008/10/22 20:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Propellerhead Software
[2011/04/10 15:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Spacejock Software
[2012/03/09 17:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\SpaceMonger
[2005/03/27 18:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Steinberg
[2009/11/04 00:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\Tunebite
[2005/10/02 13:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\TuneUp Software
[2012/01/28 23:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Katia\Application Data\uTorrent
[2009/06/11 07:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
[2005/05/29 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Propellerhead Software
[2005/03/29 19:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Steinberg
[2006/02/02 17:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\TuneUp Software
[2012/03/08 23:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AVG Secure Search
[2012/03/06 14:32:54 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job
[2012/03/11 23:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/03/09 00:04:08 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\SpyHunter4.job
[2012/03/11 22:07:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job



========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/03/09 21:57:02 | 000,000,056 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/02/01 20:01:05 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/03/11 11:43:32 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2001/08/28 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009/06/11 05:01:29 | 000,003,696 | ---- | M] () -- C:\cleannavi.txt
[2004/08/03 23:00:08 | 000,263,488 | RHS- | M] () -- C:\cmldr
[2012/03/11 22:21:19 | 000,013,841 | ---- | M] () -- C:\ComboFix.txt
[2005/02/01 19:16:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/11 04:52:36 | 000,003,625 | ---- | M] () -- C:\fixnavi.txt
[2006/02/25 15:25:48 | 000,001,091 | ---- | M] () -- C:\INSTALL.LOG
[2005/02/01 19:16:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/01 20:21:59 | 000,000,036 | ---- | M] () -- C:\keyhook.txt
[2005/02/01 19:16:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/02/01 20:56:03 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/02/01 20:56:03 | 000,251,712 | ---- | M] () -- C:\ntldr
[2007/10/01 13:32:38 | 000,000,212 | ---- | M] () -- C:\option.ini
[2012/03/11 22:07:45 | 301,989,888 | -HS- | M] () -- C:\pagefile.sys
[2011/03/25 18:28:58 | 000,036,060 | ---- | M] () -- C:\scrp.gio
[2012/03/08 23:56:56 | 000,003,180 | ---- | M] () -- C:\sh4_service.log
[2010/03/11 14:17:42 | 000,185,835 | ---- | M] () -- C:\shldr
[2012/03/09 00:55:40 | 000,003,556 | ---- | M] () -- C:\spyhunter.log
[2006/12/14 18:34:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/01/12 11:37:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/01/13 12:57:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007/01/14 12:38:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007/01/15 13:58:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007/01/15 22:48:51 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007/01/16 14:06:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007/01/17 03:40:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007/01/17 13:37:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007/01/18 10:43:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/14 20:02:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/05/14 20:02:17 | 000,000,148 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/11/29 17:10:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/01/15 20:58:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/01/16 04:55:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/01/16 09:51:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/16 13:35:06 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/01/16 17:11:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/01/16 18:37:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/01/16 20:57:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2006/12/14 18:34:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007/01/12 11:37:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007/01/13 12:57:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/01/14 12:38:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007/01/15 13:58:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007/01/15 22:48:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007/01/16 14:06:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007/01/17 03:40:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007/01/17 13:37:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007/01/18 10:43:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/14 20:02:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/14 20:02:17 | 000,000,136 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/11/29 17:10:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/01/15 20:58:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/01/16 04:55:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/01/16 09:51:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/01/16 13:35:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/16 17:11:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/01/16 18:37:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/01/16 20:57:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/06/11 05:03:48 | 000,002,711 | ---- | M] () -- C:\TB.txt
[2012/03/11 00:59:37 | 000,052,082 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_11.03.2012_00.47.09_log.txt
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/02/01 19:15:49 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/02/20 17:50:28 | 000,903,680 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\leogeo_timebeat.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/02/01 19:55:17 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/02/01 19:55:17 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/02/01 19:55:17 | 000,385,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/03/05 16:58:12 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Katia\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2010/01/27 18:50:20 | 000,000,128 | -HS- | M] () -- C:\Documents and Settings\Katia\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2001/08/28 13:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/03/06 14:32:54 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2012/03/11 22:21:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/03/11 23:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/09 00:04:08 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\SpyHunter4.job
[2012/03/11 22:07:59 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/03/11 23:05:26 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Katia\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/19 17:10:04 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/14 03:33:22 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/07/17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/29 12:38:10 | 000,001,007 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 15:01:52 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 03:34:13 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004/07/17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:36:18 | 000,127,843 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1995/06/16 01:03:00 | 000,004,160 | R--- | M] (Apple Computer, Inc.) -- C:\WINDOWS\system\QTNOTIFY.EXE
[2003/10/15 09:26:44 | 001,454,080 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\SmWizard.exe
[1999/09/10 11:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 604 bytes -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 493 bytes -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Register Baldur's Gate: Tales of the Sword Coast.lnk

< End of report >
 
OTL Extras logfile created on: 11/03/2012 23:13:04 - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Documents and Settings\Katia\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

959,48 Mb Total Physical Memory | 526,52 Mb Available Physical Memory | 54,88% Memory free
1,14 Gb Paging File | 0,87 Gb Available in Paging File | 76,06% Paging File free
Paging file location(s): C:\pagefile.sys 288 576 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 8,01 Gb Free Space | 41,00% Space Free | Partition Type: NTFS
Drive D: | 56,79 Gb Total Space | 40,42 Gb Free Space | 71,18% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 76,71 Gb Free Space | 16,47% Space Free | Partition Type: NTFS

Computer Name: KAT | User Name: Katia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] --
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SpaceMonger] -- "G:\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"12062:TCP" = 12062:TCP:*:Enabled:BitComet 12062 TCP
"12062:UDP" = 12062:UDP:*:Enabled:BitComet 12062 UDP
"20061:TCP" = 20061:TCP:*:Enabled:BitComet 20061 TCP
"20061:UDP" = 20061:UDP:*:Enabled:BitComet 20061 UDP
"1045:TCP" = 1045:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\All Users\Documents\TestServeur.exe" = C:\Documents and Settings\All Users\Documents\TestServeur.exe:*:Enabled:TestServeur -- ()
"C:\Documents and Settings\All Users\Documents\Serveur_Jeu.exe" = C:\Documents and Settings\All Users\Documents\Serveur_Jeu.exe:*:Enabled:Serveur_Jeu -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"G:\BitTorrent\bittorrent.exe" = G:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"G:\Stationripper\StationRipperConsole.exe" = G:\Stationripper\StationRipperConsole.exe:*:Enabled:StationRipperConsole -- ()
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"G:\UTportable\System\UnrealTournament.exe" = G:\UTportable\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
"C:\Documents and Settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"G:\Lionhead Studios Ltd\Black & White\runblack.exe" = G:\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"G:\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe" = G:\Lionhead Studios Ltd\Black & White\CreatureIsle\CreatureIsle.exe:*:Enabled:lh -- (LionHead Studios Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{096FD000-815F-4BAD-A732-6EFCAA58B114}_is1" = AAC to MP3 Converter
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1F31F120-DA96-4DCF-A823-5820718A2AA6}" = N-Bench_V3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{253CA9FD-36D9-4E02-8EC7-9F17478BF1FF}" = Black & White Creature Isle
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}" = SpyHunter
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AB9354BD-E732-4501-AFBD-6D8EA97F9E58}" = Winamp Goes 3D v1.51 (Light)
"{AC76BA86-7AD7-1033-7646-000000000001}" = Adobe Reader 6.0
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF70923C-8A51-47F4-A7E9-893C6D54EB68}" = TES Construction Set
"AbiWord2" = AbiWord 2.4.6 (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Akamai" = Akamai NetSession Interface Service
"Baldur's Gate" = Baldur's Gate
"BitTorrent" = BitTorrent
"C-Media Audio" = C-Media 3D Audio
"Compel install Adaptec WinASPI-4.6.0(1021)_is1" = Compel Adaptec WinASPI
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"eSpeak_is1" = eSpeak version 1.40.01
"ffdshow_is1" = ffdshow v1.1.4291 [2012-01-31]
"GameWiz32" = GameWiz32
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"KC Softwares KFK_is1" = KC Softwares KFK
"Keeper" = Dungeon Keeper Gold
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.20 Full
"LameACM" = Lame ACM MP3 Codec
"leogeo_timebeat_is1" = leogeo_timebeat
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MilkShape 3D 1.7.9" = MilkShape 3D 1.7.9
"mmswitch" = Morgan Stream Switcher
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 10.0.2 (x86 fr)" = Mozilla Firefox 10.0.2 (x86 fr)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Music NFO Builder_is1" = Music NFO Builder v1.20
"NeoDivX2008" = NeoDivx 2008
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PyFFI-py2.5" = Python 2.5 PyFFI-1.1.0
"RealPlayer 6.0" = RealPlayer
"Ri4m v5.0.1d" = Ri4m v5.0.1d
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpaceMonger" = SpaceMonger 2.1.1
"Spaceward Ho! 4.0" = Spaceward Ho! 4.0
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264 Revision 305 x264.nl" = x264 Revision 305 x264.nl (remove only)
"Xilisoft DVD Ripper Standard 5" = Xilisoft DVD Ripper Standard 5
"Xvid_is1" = Xvid 1.1.3 final uninstall
"yWriter5_is1" = yWriter5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"QUICKMEDIACONVERTER" = Quick Media Converter
"Winamp Detect" = Détection de l'application Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/03/2012 16:53:33 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 09/03/2012 16:53:52 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 09/03/2012 16:54:11 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 09/03/2012 21:27:15 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 09/03/2012 21:27:41 | Computer Name = KAT | Source = Application Error | ID = 1000
Description = Application défaillante ping.exe, version 5.1.2600.2180, module défaillant
mshtml.dll, version 6.0.2900.3354, adresse de défaillance 0x0006835e.

Error - 10/03/2012 18:43:43 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 10/03/2012 19:07:25 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 10/03/2012 19:08:50 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 10/03/2012 19:10:20 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

Error - 11/03/2012 06:04:56 | Computer Name = KAT | Source = MsiInstaller | ID = 11706
Description = Produit*: Microsoft Office 2000 Small Business -- Erreur 1706. Aucune
source valide détectée pour le produit Microsoft Office 2000 Small Business. Le
programme d'installation de Windows ne peut pas continuer.

[ System Events ]
Error - 11/03/2012 07:29:25 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:25 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:28 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:28 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:32 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:32 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:35 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:35 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 07:29:39 | Computer Name = KAT | Source = Service Control Manager | ID = 7000
Description = Le service AEGIS Protocol (IEEE 802.1x) v3.7.5.0 n'a pas pu démarrer
en raison de l'erreur*: %%2

Error - 11/03/2012 16:58:14 | Computer Name = KAT | Source = Service Control Manager | ID = 7034
Description = Le service SpyHunter 4 Service s'est terminé de façon inattendue pour
la 1ème fois.


< End of report >
 
Good news :)

You can reinstall AVG now.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV - File not found [Auto | Stopped] -- -- (Xyz777b)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XTrapD12)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva204)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva186)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva182)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva157)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva147)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva092)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva068)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva031)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva019)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acmr0xmm)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=BT3&o=14979&src=crm&q={searchTerms}&locale=fr_FR
IE - HKU\S-1-5-21-1275210071-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O15 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..Trusted Domains: ([]msn in Poste de travail)
O15 - HKU\S-1-5-21-1275210071-484061587-725345543-1004\..Trusted Domains: internet ([]about in Intranet local)
[2012/03/11 23:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
@Alternate Data Stream - 604 bytes -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 493 bytes -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Register Baldur's Gate: Tales of the Sword Coast.lnk


:Services

:Reg

:Files
c:\windows\system32\dds_trash_log.cmd

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Service Xyz777b stopped successfully!
Service Xyz777b deleted successfully!
Service XTrapD12 stopped successfully!
Service XTrapD12 deleted successfully!
Service XDva204 stopped successfully!
Service XDva204 deleted successfully!
Service XDva186 stopped successfully!
Service XDva186 deleted successfully!
Service XDva182 stopped successfully!
Service XDva182 deleted successfully!
Service XDva157 stopped successfully!
Service XDva157 deleted successfully!
Service XDva147 stopped successfully!
Service XDva147 deleted successfully!
Service XDva092 stopped successfully!
Service XDva092 deleted successfully!
Service XDva068 stopped successfully!
Service XDva068 deleted successfully!
Service XDva031 stopped successfully!
Service XDva031 deleted successfully!
Service XDva019 stopped successfully!
Service XDva019 deleted successfully!
Error: No service named acmr0xmm was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acmr0xmm deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1275210071-484061587-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
HKU\S-1-5-21-1275210071-484061587-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0943516-5076-4020-A3B5-AEFAF26AB263} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0943516-5076-4020-A3B5-AEFAF26AB263}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry value HKEY_USERS\S-1-5-21-1275210071-484061587-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1275210071-484061587-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
ADS C:\Documents and Settings\All Users\Menu Démarrer\Programmes\View Baldur's Gate: Tales of The Sword Coast Readme.lnk deleted successfully.
ADS C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Register Baldur's Gate: Tales of the Sword Coast.lnk deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\dds_trash_log.cmd moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 35672910 bytes
->Flash cache emptied: 620 bytes

User: Katia
->Temp folder emptied: 216391 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55936610 bytes
->Flash cache emptied: 3770780 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Max
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 3573 bytes

User: o
->Temp folder emptied: 1005157 bytes
->Temporary Internet Files folder emptied: 36591 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89414 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 68472964 bytes

Total Files Cleaned = 158,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: Invité

User: Katia
->Java cache emptied: 0 bytes

User: LocalService

User: Max

User: NetworkService

User: o

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Invité
->Flash cache emptied: 0 bytes

User: Katia
->Flash cache emptied: 0 bytes

User: LocalService

User: Max

User: NetworkService
->Flash cache emptied: 0 bytes

User: o

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.36.3 log created on 03122012_142458

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...





Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
SpyHunter
TuneUp Utilities 2008
Java(TM) 6 Update 31
Adobe Flash Player 11.1.102.63
Mozilla Firefox (x86 fr..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````





Farbar Service Scanner Version: 01-03-2012
Ran by Katia (administrator) on 12-03-2012 at 17:53:14
Running from "C:\Documents and Settings\Katia\Bureau"
Microsoft Windows XP Professionnel Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2001-08-28 13:00] - [2004-08-19 17:09] - 0111616 ____A (Microsoft Corporation) A44C9220F460E38FC7EC0B4BE4716077

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2001-08-28 14:00] - [2008-04-13 20:21] - 0162816 ____A () 40E65C560013869F14ECEB904F15390D

C:\WINDOWS\system32\Drivers\tcpip.sys
[2001-08-28 14:00] - [2007-10-30 19:20] - 0360064 ____A (Microsoft Corporation) 90CAFF4B094573449A0872A0F919B178

C:\WINDOWS\system32\Drivers\ipsec.sys
[2001-08-28 14:00] - [2004-08-04 00:14] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2001-08-28 13:00] - [2008-02-20 07:35] - 0045568 ____A (Microsoft Corporation) 8F59E8F3F98C5E6A8F760A3DD529D1EC

C:\WINDOWS\system32\ipnathlp.dll
[2001-08-28 13:00] - [2004-08-19 17:09] - 0332800 ____A (Microsoft Corporation) BC919495F27AEEDAC71C123E859413D0

C:\WINDOWS\system32\netman.dll
[2001-08-28 13:00] - [2005-08-22 20:35] - 0197632 ____A (Microsoft Corporation) 0D55724D88488BBFC53BC2EA219240F3

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-02-01 19:12] - [2004-08-19 17:09] - 0145408 ____A (Microsoft Corporation) D62DD45D691350A7029A554831B42BBA

C:\WINDOWS\system32\srsvc.dll
[2005-02-01 19:13] - [2004-08-19 17:09] - 0171008 ____A (Microsoft Corporation) CE978404558CE2D82896AC2032F06DBF

C:\WINDOWS\system32\Drivers\sr.sys
[2005-02-01 20:13] - [2004-08-19 17:04] - 0073600 ____A (Microsoft Corporation) B52181023B827ACDA36C1B76751EBFFD

C:\WINDOWS\system32\wscsvc.dll
[2005-02-01 19:59] - [2004-08-19 17:09] - 0081408 ____A (Microsoft Corporation) 53760D195988739A9945E5F738B85723

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2005-02-01 19:12] - [2004-08-19 17:09] - 0145408 ____A (Microsoft Corporation) D62DD45D691350A7029A554831B42BBA

C:\WINDOWS\system32\wuauserv.dll
[2005-02-01 19:12] - [2004-08-19 17:09] - 0006656 ____A (Microsoft Corporation) A01A65BEA57E71DE6AFB80940D3E1F77

C:\WINDOWS\system32\qmgr.dll
[2005-02-01 20:14] - [2004-08-19 17:09] - 0382464 ____A (Microsoft Corporation) 659F7B6C502051BFA37910614B225548

C:\WINDOWS\system32\es.dll
[2001-08-28 13:00] - [2005-07-26 06:39] - 0243200 ____A (Microsoft Corporation) D9CDB9380E0EFC9E97CC589B5F484B94

C:\WINDOWS\system32\cryptsvc.dll
[2001-08-28 13:00] - [2004-08-19 17:09] - 0060416 ____A (Microsoft Corporation) CD73133EB24C572019944001FAD1B8D9

C:\WINDOWS\system32\svchost.exe
[2001-08-28 13:00] - [2004-08-19 17:10] - 0014336 ____A (Microsoft Corporation) 2979B03D5382A602623C0535B16AB9C0

C:\WINDOWS\system32\rpcss.dll
[2001-08-28 13:00] - [2005-07-26 06:40] - 0397824 ____A (Microsoft Corporation) CB7D37602638369A516757E994CBB31D

C:\WINDOWS\system32\services.exe
[2001-08-28 13:00] - [2004-08-19 17:10] - 0108544 ____A (Microsoft Corporation) 63DCDE1A0D86EEB8924D6738FF616EAD


Extra List:
=======
AegisP(14) Avgfwfd(15) Avgtdix(16) Gpc(3) IPSec(5) irda(8) NetBT(6) NwlnkIpx(9) NwlnkNb(10) PSched(7) Tcpip(4) Tcpip6(11)
0x1100000005000000010000000200000003000000040000000B0000000F0000001000000006000000560000000700000008000000090000000A0000000C0000000D0000000E000000
IpSec Tag value is correct.

**** End of log ****





C:\Documents and Settings\Katia\Mes documents\Téléchargements\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\Documents and Settings\Katia\Mes documents\Téléchargements\SoftonicDownloader_pour_mediacoder.exe Win32/SoftonicDownloader.C application cleaned by deleting - quarantined
C:\Program Files\Navilog1\Backupnavi\miaiiao.exe a variant of Win32/Skintrim.EQ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\ntpr_nic_service2.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.KD trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\netbt.sys a variant of Win32/Sirefef.DA trojan unable to clean
G:\POKEMON\NDS\WinDS PRO\No$gba\NO$GBA2X.EXE probably a variant of Win32/TrojanDownloader.Agent.BLAHCJN trojan cleaned by deleting - quarantined
G:\programe\kfk.exe multiple threats deleted - quarantined
G:\Téléchargements\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
G:\Téléchargements\SoftonicDownloader_pour_mediacoder.exe Win32/SoftonicDownloader.C application cleaned by deleting - quarantined
 
It looks like we have one suspicious system file - netbt.sys

Please run Farbar Service Scanner FSS).
Paste the following in the edit box after "Search:".

netbt.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.
 
Indeed. AVG gave me an alert about the Trojan Horse PSW.Agent.ASTO located here:

c:\WINDOWS\system32\drivers\netbt.sys

The log:

Farbar Service Scanner Version: 01-03-2012
Ran by Katia (administrator) on 14-03-2012 at 11:17:50
Microsoft Windows XP Professionnel Service Pack 2 (X86)

************************************************
======== Search: "netbt.sys" =========

C:\WINDOWS\system32\drivers\netbt.sys
[2001-08-28 14:00] - [2008-04-13 20:21] - 0162816 ____A () 40E65C560013869F14ECEB904F15390D

C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2005-02-01 19:58] - [2008-04-13 20:21] - 0162816 ____N (Microsoft Corporation) 74B2B2F5BEA5E9A3DC021D685551BD3D

C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2010-01-27 17:19] - [2004-08-03 23:14] - 0162816 ____C (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

====== End Of Search ======
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
FCopy::
C:\WINDOWS\$NtServicePackUninstall$\netbt.sys | C:\WINDOWS\system32\drivers\netbt.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-03-10.02 - Katia 15/03/2012 13:29:07.5.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.959.726 [GMT 1:00]
Lancé depuis: c:\documents and settings\Katia\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Katia\Bureau\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\1310216808fc5cb7.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
--------------- FCopy ---------------
.
c:\windows\$NtServicePackUninstall$\netbt.sys --> c:\windows\system32\drivers\netbt.sys
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-15 au 2012-03-15 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-12 16:43 . 2012-03-12 16:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-12 11:04 . 2012-03-12 11:04 -------- d-----w- C:\_OTL
2012-03-12 10:33 . 2012-03-12 10:33 -------- d-----w- c:\documents and settings\Katia\Application Data\AVG2012
2012-03-12 10:29 . 2012-03-15 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-03-12 10:29 . 2012-03-15 12:12 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-12 10:14 . 2012-03-15 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-03-12 09:55 . 2012-03-12 10:27 -------- d-----w- c:\program files\AVG
2012-03-11 13:08 . 2012-03-11 13:08 -------- d-----w- C:\OEMSettings
2012-03-09 16:26 . 2012-03-09 16:26 -------- d-----w- c:\documents and settings\Katia\Application Data\SpaceMonger
2012-03-08 22:12 . 2012-03-08 22:12 -------- d-----w- c:\documents and settings\Katia\AppData
2012-03-08 22:08 . 2012-03-08 22:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVG Secure Search
2012-03-08 22:05 . 2012-03-08 22:05 -------- d-----r- c:\documents and settings\NetworkService\Favoris
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-03-08 22:05 . 2012-03-08 22:05 110080 ----a-r- c:\documents and settings\Katia\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-03-08 22:03 . 2012-03-08 22:06 -------- d-----w- C:\sh4ldr
2012-03-08 22:03 . 2012-03-08 22:03 -------- d-----w- c:\program files\Enigma Software Group
2012-03-08 21:43 . 2012-03-08 21:43 -------- d-----w- c:\documents and settings\Katia\Application Data\GetRightToGo
2012-03-08 12:43 . 2012-03-08 12:43 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-03-07 12:20 . 2012-03-08 22:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 16:42 . 2011-07-25 12:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 22:54 . 2007-08-23 17:30 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-27 22:52 . 2012-02-06 17:43 48128 ----a-w- c:\windows\system32\ff_acm.acm
2012-02-19 18:04 . 2012-01-12 22:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_18.05.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-03-15 12:26 . 2012-03-15 12:26 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
+ 2012-03-15 12:26 . 2012-03-15 12:26 16384 c:\windows\Temp\Perflib_Perfdata_5ac.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2012-03-12 16:43 . 2012-03-12 16:42 157472 c:\windows\system32\javaws.exe
- 2011-07-25 12:03 . 2011-07-25 12:03 157472 c:\windows\system32\javaws.exe
+ 2012-03-12 16:43 . 2012-03-12 16:42 149280 c:\windows\system32\javaw.exe
+ 2012-03-12 16:43 . 2012-03-12 16:42 149280 c:\windows\system32\java.exe
+ 2001-08-28 13:00 . 2004-08-03 22:14 162816 c:\windows\system32\dllcache\netbt.sys
+ 2001-08-28 12:00 . 2004-08-19 16:09 640000 c:\windows\system32\dllcache\dbghelp.dll
+ 2012-03-12 16:43 . 2012-03-12 16:43 203776 c:\windows\Installer\b13594.msi
+ 2012-03-12 16:42 . 2012-03-12 16:42 901120 c:\windows\Installer\b13582.msi
+ 2012-03-12 10:27 . 2012-03-12 10:27 219648 c:\windows\Installer\141284.msi
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2008-10-22 19:05 . 2012-03-14 10:34 2241024 c:\windows\Installer\285ec26.msi
- 2008-10-22 19:05 . 2012-03-11 17:39 2241024 c:\windows\Installer\285ec26.msi
+ 2012-03-12 10:32 . 2012-03-12 10:32 4698112 c:\windows\Installer\14128c.msi
+ 2012-03-12 10:27 . 2012-03-12 10:27 2186240 c:\windows\Installer\141288.msi
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 10:01 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"Akamai NetSession Interface"="c:\documents and settings\Katia\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-02-03 185872]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-5-17 49254]
Assistant SMART WIZARD NETGEAR pour WG111v3.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2012-3-11 2072576]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-2-1 262144]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Tunebite"=g:\tunebbite\Tunebite.exe -tray
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe"
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"vProt"="c:\program files\AVG Secure Search\vprot.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\TestServeur.exe"=
"c:\\Documents and Settings\\All Users\\Documents\\Serveur_Jeu.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"g:\\BitTorrent\\bittorrent.exe"=
"g:\\Stationripper\\StationRipperConsole.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\UTportable\\System\\UnrealTournament.exe"=
"c:\\Documents and Settings\\Katia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"g:\\Lionhead Studios Ltd\\Black & White\\CreatureIsle\\CreatureIsle.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
"12062:TCP"= 12062:TCP:BitComet 12062 TCP
"12062:UDP"= 12062:UDP:BitComet 12062 UDP
"20061:TCP"= 20061:TCP:BitComet 20061 TCP
"20061:UDP"= 20061:UDP:BitComet 20061 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [28/08/2001 13:00 14336]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [09/10/2007 12:13 38144]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/10/2010 11:37 652360]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Fichiers communs\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [13/03/2012 11:01 918880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/10/2010 11:37 20464]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Katia\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [31/07/2009 14:12 341504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
NETSVCS DOIT ÊTRE RÉPARÉ - liste des éléments présents
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
IBM_LLC2
captureservice
SQLAgent$LG_LP2
btserial
sfusvc
StkASSrv
vci
servicemgr
PciBus
mcontrol
dot4print
usbvm321
rtm
w810bus
ctljystk
GMSIPCI
hpconfig
syslogd
appdrv
kbstuff
PSDFilter
WGX
mcvsrte
tfsndrct
teefer
nimcdfxk
pduip6000dmemcrdmgr
winss
zebrmdfl
3compxe
pelmouse
wkscfgsrv
nvrd32
pensup
PCDCODEC
Tablet2k
61883
basfipm
BCMWLNPF
pdlnatcm
bt3cusb
yats32
lxcd_device
snpstd2
acdservice
PTDCMdm
SNC
nsm1bus
ZTEusbser6k
NWFILTER
symevent
savrt
USB28xxBGA
c-dillacdac11ba
SfCtlCom
DellAMBrokerService
shuttleengine
_iomega_active_disk_service_
vstor2-ws60
kservice
mcusrmgr
imountsrv
HSFHWICH
toscosrv
vncmirror
spcstb
keriomailserver
mclserviceatl
quickbooksdb
mwspollserver
AVCamUSB20
USB_NDIS_51
CSRBC
giveio
tifmsony
se59unic
RSAFAL
amon
zunenetworksvc
tosrfsnd
avgarcln
netrcacm
pchost
icollectservice
3combootp
imagesrv
PBADRV
CoachVc
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
oracle_load_balancer_60_client-forms6ip9
REVO
stylexpservice
InterBaseServer
YMIDUSB
pptchpad
btwaudio
vpnva
sqlagent$soshome22
COMMONFX.DLL
utscsi
procexp90
CTSYN
aswmon2
STV680
dlaifs_m
DLARTL_M
diskeeper
CcmExec
s117bus
compbatt
lxrjd31d
mstdc
WinFl32
etoksrv
stylexphelper
pdlndlpb
w70n51
mmc_2K
foldersize
DCamUSBGrandTek
avinitnt
pktfilter
ppmoucls
netmdsb
SWUMX51
QWAVEDRV
ASNDIS5
jsdaemon
mcods
Ndisipo
SE26mdm
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
UxTuneUp
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-13 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:23]
.
2012-03-08 c:\windows\Tasks\SpyHunter4.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2012-01-18 05:22]
.
2012-03-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-28 21:18]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Connection Wizard,ShellNext = iexplore
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Katia\Application Data\Mozilla\Firefox\Profiles\ao9k5kdv.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd5f0ae47-ef55-4cc5-badc-9f48a3305f92%7D&mid=924c933162059aa7630805c6b9822dff-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-11-28%2018%3A45%3A18&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 13:39
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\26.tmp"
.
Heure de fin: 2012-03-15 13:43:19
ComboFix-quarantined-files.txt 2012-03-15 12:43
ComboFix2.txt 2012-03-11 21:21
ComboFix3.txt 2012-03-11 19:19
ComboFix4.txt 2012-03-11 18:10
ComboFix5.txt 2012-03-15 12:19
.
Avant-CF: 7*961*673*728 octets libres
Après-CF: 7*981*572*096 octets libres
.
- - End Of File - - D4D9A7F2924C43D65E32D6FEEB38C6DD
 
You must log in or register to reply here.

Similar threads

S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
W
Solved HackTool:Wind32/Mailpassview found
Replies
10
Views
5K
Broni
Broni
N
Solved The specified service does not exist as an installed service
2
Replies
43
Views
13K
Broni
Broni

Latest posts

Back