trojan.win32.buzus.diya removal

Post by slandoulsi on Thu Mar 04, 2010 12:01 pm

Hi

F-secure detected trojan.win32.buzus.diya on my computer but failed to remove it.
Infected file is c:\WINDOWS\msnmgr.exe
No apparent damage so far, computer starts.

Help greatly appreciated.

slandoulsi

Re: trojan.win32.buzus.diya removal

Post by Belahzur on Thu Mar 04, 2010 9:19 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Belahzur

Re: trojan.win32.buzus.diya removal

Post by slandoulsi on Fri Mar 05, 2010 7:17 pm

Thanks for your reply.
Here is OTL.txt


OTL logfile created on: 05/03/2010 19:45:00 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Skander Landoulsi\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,32 Gb Total Space | 76,68 Gb Free Space | 53,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SKANDER
Current User Name: Skander Landoulsi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 19:41:33 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skander Landoulsi\Bureau\OTL.exe
PRC - [2009/06/29 23:04:48 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Pack Securite SFR\Anti-Virus\fssm32.exe
PRC - [2009/06/29 23:04:48 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\Pack Securite SFR\Anti-Virus\fsgk32.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 14:33:14 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\FSAUA\program\fsus.exe
PRC - [2007/04/26 18:12:12 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Common\FSMB32.EXE
PRC - [2007/04/26 18:12:04 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Common\FSMA32.EXE
PRC - [2007/04/26 18:12:02 | 000,183,208 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Common\FSM32.EXE
PRC - [2007/04/26 18:11:48 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Common\FCH32.EXE
PRC - [2007/04/26 18:11:44 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Common\FAMEH32.EXE
PRC - [2007/04/26 18:10:12 | 000,465,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\FSGUI\fsguidll.exe
PRC - [2007/04/26 18:09:24 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\FWES\program\fsdfwd.exe
PRC - [2007/04/26 18:07:40 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Anti-Virus\fsqh.exe
PRC - [2007/04/26 18:07:30 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Anti-Virus\fsgk32st.exe
PRC - [2007/04/26 18:07:10 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Anti-Virus\fsav32.exe
PRC - [2007/04/26 18:05:58 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\FSAUA\program\fsaua.exe
PRC - [2005/07/22 08:03:14 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 09:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2005/01/14 08:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/05 19:41:33 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skander Landoulsi\Bureau\OTL.exe
MOD - [2007/04/26 18:13:18 | 000,244,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Pack Securite SFR\Spam Control\fsscoepl.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/04/26 18:12:04 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Pack Securite SFR\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/04/26 18:09:24 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Pack Securite SFR\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/04/26 18:07:30 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Pack Securite SFR\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/04/26 18:05:58 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Pack Securite SFR\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/12/04 17:29:56 | 000,069,632 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2005/06/21 09:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/14 08:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/12/17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2002/12/17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)


========== Driver Services (SafeList) ==========

DRV - [2009/06/29 23:04:48 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Pack Securite SFR\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/17 20:21:09 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/02/13 19:44:09 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Pack Securite SFR\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2007/07/24 22:06:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TV_551805_Sp50.sys -- (TV_551805_Sp50)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/26 18:08:22 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Pack Securite SFR\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/04/26 18:08:18 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Pack Securite SFR\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/12/04 17:34:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/06/06 22:40:48 | 000,180,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/05/25 23:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTUSFSYN.SYS -- (CTUSFSYN)
DRV - [2005/03/25 17:11:00 | 001,350,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2005/02/24 11:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [2005/01/11 01:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSFM2K.SYS -- (ctsfm2k)
DRV - [2005/01/11 01:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2004/12/03 14:55:12 | 000,969,728 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2004/11/18 13:36:02 | 000,379,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanUIG.sys -- (WlanUIG)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/03/19 09:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2001/09/24 10:08:20 | 000,030,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)
DRV - [2001/08/23 18:04:44 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.fr"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/04 08:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 14:41:48 | 000,000,000 | ---D | M]

[2008/07/06 01:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Skander Landoulsi\Application Data\Mozilla\Extensions
[2010/03/04 22:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Skander Landoulsi\Application Data\Mozilla\Firefox\Profiles\wb7z3q7s.default\extensions
[2008/09/27 11:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Skander Landoulsi\Application Data\Mozilla\Firefox\Profiles\wb7z3q7s.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/09/19 14:20:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Skander Landoulsi\Application Data\Mozilla\Firefox\Profiles\wb7z3q7s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/04 22:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/06 15:56:14 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/06 15:56:14 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/02/06 15:56:14 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/07 13:49:04 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/02/06 15:56:14 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/02/06 15:56:14 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/10 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Pack Securite SFR\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\Pack Securite SFR\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKCU..\Run: [SetDefaultMIDI] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} [You must be registered and logged in to see this link.] (ActiveFormX Contrôle)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} [You must be registered and logged in to see this link.] (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\msnmgr.exe) - C:\WINDOWS\msnmgr.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/01 07:17:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e8e8192-25d1-11dd-b5d2-0003c9b009d8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6da4db7-f4fd-11db-b2ef-0003c9b009d8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6da4db7-f4fd-11db-b2ef-0003c9b009d8}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/05 19:41:30 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Skander Landoulsi\Bureau\OTL.exe
[2010/03/04 08:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\Yahoo!
[2010/03/04 02:25:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/03/02 01:15:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/03/01 22:07:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Skander Landoulsi\Mes documents\Téléchargements
[2008/08/17 14:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/06 22:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/08/05 12:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/08/05 12:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2007/07/25 12:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/12/08 20:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/09/01 07:05:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/09/01 07:05:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/05 19:41:33 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skander Landoulsi\Bureau\OTL.exe
[2010/03/05 15:16:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 15:16:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 15:16:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 15:16:38 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 12:16:49 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\NTUSER.DAT
[2010/03/05 12:16:49 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Skander Landoulsi\ntuser.ini
[2010/03/05 11:42:31 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/03/04 08:55:50 | 000,539,150 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/04 08:55:50 | 000,469,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/04 08:55:50 | 000,096,874 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/04 08:55:50 | 000,083,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/04 08:55:49 | 001,203,964 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/04 08:52:31 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/02 23:46:58 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 22:09:53 | 000,151,552 | RHS- | M] () -- C:\WINDOWS\msnmgr.exe
[2010/02/26 10:53:58 | 000,179,786 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration février ST.pdf
[2010/02/25 20:01:08 | 000,181,743 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration 2 février.pdf
[2010/02/12 17:42:31 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Biblio réinvention tradition.doc
[2010/02/12 11:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/07 02:54:30 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Windows Live Call.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/04 08:51:53 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/03/01 22:20:04 | 000,151,552 | RHS- | C] () -- C:\WINDOWS\msnmgr.exe
[2010/02/26 10:53:58 | 000,179,786 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration février ST.pdf
[2010/02/25 20:01:08 | 000,181,743 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration 2 février.pdf
[2010/02/12 17:42:30 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Biblio réinvention tradition.doc
[2009/09/06 16:54:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\winitn.dll
[2009/09/06 16:54:39 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\coodest.dll
[2009/02/18 20:36:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Effects
[2008/12/20 16:25:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/12/20 16:21:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/13 22:44:25 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/08/19 18:26:17 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2008/08/19 18:26:13 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/07/06 00:43:40 | 000,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/07/06 00:43:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2007/07/26 00:36:02 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/07/26 00:04:08 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/29 22:52:43 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/29 21:29:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/06/29 21:22:27 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/06/29 21:22:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Equalizer
[2006/10/01 00:53:45 | 000,022,496 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Valeurs séparées par des virgules (Windows).ADR
[2006/10/01 00:52:51 | 000,006,328 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Valeurs séparées par des virgules (Windows).EML
[2006/06/25 23:31:41 | 000,003,916 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Valeurs séparées par des virgules (Windows).NOT
[2006/04/27 22:46:26 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/04/26 22:38:21 | 000,038,514 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Microsoft Excel.ADR
[2006/04/24 21:02:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\RTELM.dll
[2006/03/26 00:51:20 | 000,000,253 | ---- | C] () -- C:\WINDOWS\dao.ini
[2006/03/26 00:21:19 | 000,000,261 | ---- | C] () -- C:\WINDOWS\oledao95.ini
[2006/01/07 19:04:52 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Bbt97.INI
[2006/01/07 18:30:47 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2005/12/17 20:40:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/17 17:20:07 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2005/12/17 01:32:53 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/15 22:28:46 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2005/12/10 18:53:25 | 000,168,960 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/08 22:15:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2005/12/07 23:47:37 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\fusioncache.dat
[2005/12/04 17:39:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/04 17:37:12 | 000,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/04 17:09:40 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2005/12/04 17:09:40 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2005/12/04 17:09:40 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2005/12/04 17:09:40 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2005/12/04 17:09:40 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2005/12/04 17:09:40 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2005/12/04 17:09:40 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2005/12/04 17:09:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2005/12/04 17:09:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2005/12/04 17:09:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2005/12/04 17:09:40 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2005/12/04 17:09:40 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2005/12/04 17:09:40 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2005/12/04 17:09:40 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2005/12/04 17:09:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2005/12/04 17:09:40 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2005/12/04 17:09:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2005/12/04 17:09:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2005/12/04 17:09:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/12/04 17:09:36 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
[2005/12/04 17:09:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/04 17:08:48 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/05 16:38:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/02/24 11:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005/01/25 14:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
< End of report >
[2010/03/05 19:53:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/05 19:41:33 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skander Landoulsi\Bureau\OTL.exe
[2010/03/05 19:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Skander Landoulsi\Application Data\Skype
[2010/03/05 15:16:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 15:16:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 15:16:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 12:16:49 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\NTUSER.DAT
[2010/03/05 12:16:49 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Skander Landoulsi\ntuser.ini
[2010/03/05 11:42:31 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/03/04 08:55:50 | 000,539,150 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/04 08:55:50 | 000,469,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/04 08:55:50 | 000,096,874 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/04 08:55:50 | 000,083,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/04 08:55:49 | 001,203,964 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/04 08:52:31 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/04 08:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\Yahoo!
[2010/03/03 12:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\Dl_cats
[2010/03/02 23:46:58 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 22:09:53 | 000,151,552 | ---- | M] () -- C:\WINDOWS\msnmgr.exe
[2010/02/26 10:53:58 | 000,179,786 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration février ST.pdf
[2010/02/25 20:01:08 | 000,181,743 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration 2 février.pdf
[2010/02/12 17:42:31 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Biblio réinvention tradition.doc
[2010/02/12 11:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/11 00:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/07 02:54:30 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Windows Live Call.lnk
[2010/01/06 22:50:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/11/16 16:18:45 | 000,084,232 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/08 19:46:14 | 006,951,884 | -H-- | M] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\IconCache.db
[2009/06/16 20:54:36 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/18 20:36:55 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2009/02/18 20:36:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Equalizer
[2009/02/18 20:36:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Effects
[2008/08/19 18:01:59 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/08/17 14:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/07/06 22:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/09/29 21:26:22 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/05 12:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/08/05 12:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2007/07/26 00:36:10 | 000,000,187 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2007/07/25 12:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/10/01 12:40:04 | 000,022,496 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Valeurs séparées par des virgules (Windows).ADR
[2006/10/01 12:37:19 | 000,038,514 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Microsoft Excel.ADR
[2006/10/01 00:52:51 | 000,006,328 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Valeurs séparées par des virgules (Windows).EML
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/25 23:31:48 | 000,003,916 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\Valeurs séparées par des virgules (Windows).NOT
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/12/08 20:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/12/07 23:57:22 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\fusioncache.dat
[2005/09/01 07:08:14 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Skander Landoulsi\Application Data\desktop.ini
[2005/09/01 07:08:14 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/09/01 07:05:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/09/01 07:05:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/05 19:41:33 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skander Landoulsi\Bureau\OTL.exe
[2010/03/05 15:16:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/05 15:16:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/05 15:16:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/05 15:16:38 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/05 12:16:49 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\NTUSER.DAT
[2010/03/05 12:16:49 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Skander Landoulsi\ntuser.ini
[2010/03/05 11:42:31 | 000,000,534 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/03/04 08:55:50 | 000,539,150 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/03/04 08:55:50 | 000,469,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/04 08:55:50 | 000,096,874 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/03/04 08:55:50 | 000,083,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/04 08:55:49 | 001,203,964 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/04 08:52:31 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/02 23:46:58 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/01 22:09:53 | 000,151,552 | RHS- | M] () -- C:\WINDOWS\msnmgr.exe
[2010/02/26 10:53:58 | 000,179,786 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration février ST.pdf
[2010/02/25 20:01:08 | 000,181,743 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\déclaration 2 février.pdf
[2010/02/12 17:42:31 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Biblio réinvention tradition.doc
[2010/02/12 11:03:03 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/02/07 02:54:30 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Skander Landoulsi\Bureau\Windows Live Call.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< End of report >



Re: trojan.win32.buzus.diya removal

Post by slandoulsi on Fri Mar 05, 2010 7:18 pm

The Extras.txt file:





OTL Extras logfile created on: 05/03/2010 19:45:01 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Skander Landoulsi\Bureau
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,32 Gb Total Space | 76,68 Gb Free Space | 53,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SKANDER
Current User Name: Skander Landoulsi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe" = C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe -- File not found
"C:\Program Files\Pinnacle\MediaCenter\PmcSettings.exe" = C:\Program Files\Pinnacle\MediaCenter\PmcSettings.exe:LocalSubNet:Enabled:pmcsettings.exe -- File not found
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe -- File not found
"C:\Program Files\Pinnacle\MediaCenter\EpgSpoolerSrv.exe" = C:\Program Files\Pinnacle\MediaCenter\EpgSpoolerSrv.exe:LocalSubNet:Enabled:EpgSpoolerSrv.exe -- File not found
"C:\Program Files\Pinnacle\MediaCenter\tvtvWizard.exe" = C:\Program Files\Pinnacle\MediaCenter\tvtvWizard.exe:LocalSubNet:Enabled:tvtvWizard.exe -- File not found
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe -- File not found
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Call of Duty\CoDMP.exe" = C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Documents and Settings\Skander Landoulsi\Mes documents\Téléchargements\pic1312-jpg-www-myspace-com(2).exe" = C:\Documents and Settings\Skander Landoulsi\Mes documents\Téléchargements\pic1312-jpg-www-myspace-com(2).exe:*:Enabled:Userinit -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = Adaptateur USB-IrDA
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7421E270-0140-4F62-AE39-ECB9F1C81B35}" = Sagem XG703 USB 802.11g
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner (remove only)
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Free Easy Burner_is1" = Free Easy Burner V 3.8
"F-Secure Product 440" = Pack Sécurité SFR
"ie8" = Windows Internet Explorer 8
"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Skype_is1" = Skype 3.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/03/2010 15:18:58 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 04/03/2010 16:02:05 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 04/03/2010 18:06:02 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 04/03/2010 19:23:54 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:43:45 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:44:28 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:44:43 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:45:27 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:51:21 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:51:59 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

[ OSession Events ]
Error - 06/07/2008 15:59:22 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8168
seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:36 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:46 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:52 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:56 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 16:00:04 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 16:00:14 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/09/2008 10:39:15 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/08/2009 08:38:13 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 993
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/03/2010 13:39:01 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:44:11 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:49:21 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:54:31 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:59:41 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:04:51 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:10:01 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:15:11 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:20:21 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:25:31 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Service Partage réseau du Lecteur Windows Media
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe" = C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe -- File not found
"C:\Program Files\Pinnacle\MediaCenter\PmcSettings.exe" = C:\Program Files\Pinnacle\MediaCenter\PmcSettings.exe:LocalSubNet:Enabled:pmcsettings.exe -- File not found
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe -- File not found
"C:\Program Files\Pinnacle\MediaCenter\EpgSpoolerSrv.exe" = C:\Program Files\Pinnacle\MediaCenter\EpgSpoolerSrv.exe:LocalSubNet:Enabled:EpgSpoolerSrv.exe -- File not found
"C:\Program Files\Pinnacle\MediaCenter\tvtvWizard.exe" = C:\Program Files\Pinnacle\MediaCenter\tvtvWizard.exe:LocalSubNet:Enabled:tvtvWizard.exe -- File not found
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe -- File not found
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Call of Duty\CoDMP.exe" = C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Documents and Settings\Skander Landoulsi\Mes documents\Téléchargements\pic1312-jpg-www-myspace-com(2).exe" = C:\Documents and Settings\Skander Landoulsi\Mes documents\Téléchargements\pic1312-jpg-www-myspace-com(2).exe:*:Enabled:Userinit -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B568EF0-5280-4E27-BE21-74D15F0BD8AF}" = Samsung PC Studio 3
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = Adaptateur USB-IrDA
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{460CE8B9-6EC2-458A-90D4-691631ECE9D9}" = Pinnacle MediaServer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7421E270-0140-4F62-AE39-ECB9F1C81B35}" = Sagem XG703 USB 802.11g
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (PINNACLESYS)
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner (remove only)
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Free Easy Burner_is1" = Free Easy Burner V 3.8
"F-Secure Product 440" = Pack Sécurité SFR
"ie8" = Windows Internet Explorer 8
"InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}" = PC Camer@
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Skype_is1" = Skype 3.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/03/2010 18:06:02 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 04/03/2010 19:23:54 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:43:45 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:44:28 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:44:43 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:45:27 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:51:21 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:51:59 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:55:22 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

Error - 05/03/2010 14:55:57 | Computer Name = SKANDER | Source = F-Secure Anti-Virus | ID = 103
Description =

[ OSession Events ]
Error - 06/07/2008 15:59:22 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8168
seconds with 60 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:36 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:46 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:52 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 15:59:56 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 16:00:04 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/07/2008 16:00:14 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/09/2008 10:39:15 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/08/2009 08:38:13 | Computer Name = SKANDER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 993
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/03/2010 13:39:01 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:44:11 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:49:21 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:54:31 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 13:59:41 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:04:51 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:10:01 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:15:11 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:20:21 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.

Error - 05/03/2010 14:25:31 | Computer Name = SKANDER | Source = NetBT | ID = 4321
Description = Le nom "WORKGROUP :1d" n'a pas pu être enregistré sur l'interface
avec l'adresse IP 192.168.1.190. L'ordinateur avec l'adresse IP 192.168.1.1 n'a
pas permis que le nom soit réclamé par cet ordinateur.


Re: trojan.win32.buzus.diya removal

Post by Belahzur on Fri Mar 05, 2010 8:23 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\msnmgr.exe) - C:\WINDOWS\msnmgr.exe ()
    [2010/03/01 22:09:53 | 000,151,552 | RHS- | M] () -- C:\WINDOWS\msnmgr.exe

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\Windows\system32\userinit.exe",


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
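
The O20 line in the fix script above shows the Winlogon UserInit value pointing at C:\WINDOWS\msnmgr.exe. The following Python check is an added example (not part of the thread and not OTL's own code) that flags such entries in OTL scan lines. The expected stock path is an assumption, and the third sample line is constructed.

```python
import ntpath
import re

# Assumption: stock Userinit target on a Windows XP install in C:\WINDOWS.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Line shape copied from the O20 entry in the fix script above.
O20_USERINIT = re.compile(
    r"^O20 - (?P<hive>HK\w+) Winlogon: UserInit - \((?P<entry>.*?)\) - ",
    re.IGNORECASE,
)

# First two lines are quoted from the thread; the third is constructed
# to show what a clean entry would look like in the same format.
SCAN_LINES = [
    r"O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\msnmgr.exe) - C:\WINDOWS\msnmgr.exe ()",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
]


def normalise(path):
    """Strip quotes and whitespace, collapse the path and lower-case it."""
    cleaned = path.strip().strip('"')
    return ntpath.normpath(cleaned).lower()


def unexpected_userinit_entries(value):
    """Return the entries of a raw Userinit value that are not userinit.exe.

    Winlogon reads the value as a comma-separated list of programs to start
    at logon, so every extra entry is a program that runs for each user.
    """
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if normalise(e) != EXPECTED_USERINIT]


def audit_otl_scan(lines):
    """Return (hive, entry) pairs for O20 UserInit lines that need review."""
    findings = []
    for line in lines:
        match = O20_USERINIT.match(line.strip())
        if not match:
            continue  # not a Winlogon UserInit line
        for entry in unexpected_userinit_entries(match.group("entry")):
            findings.append((match.group("hive").upper(), entry))
    return findings


if __name__ == "__main__":
    for hive, entry in audit_otl_scan(SCAN_LINES):
        print(f"review: {hive} Winlogon UserInit starts {entry}")
```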



Re: trojan.win32.buzus.diya removal

Post by slandoulsi on Fri Mar 05, 2010 8:51 pm

Thanks again. The fix log below...

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Starting removal of ActiveX control {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\msnmgr.exe deleted successfully.
File move failed. C:\WINDOWS\msnmgr.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\msnmgr.exe scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\Windows\system32\userinit.exe", /E : value set successfully!

OTL by OldTimer - Version 3.1.34.0 log created on 03052010_214151

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\msnmgr.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
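
The fix log above reports the registry changes as done but repeats "File move failed" for C:\WINDOWS\msnmgr.exe, including under the "moved on Reboot" heading. The following Python parser is an added example (not part of the thread and not OTL's own code) that separates confirmed actions from items still needing verification. The line shapes are taken from the excerpt embedded below, and reading the "on Reboot" heading as the post-reboot pass is an assumption.

```python
import re
from collections import namedtuple

Action = namedtuple("Action", "section outcome kind target")

# Section headings as they appear in the log: "===== NAME =====" or "... on Reboot..."
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$|^(?P<reboot>.+ on Reboot)\.\.\.$")

PATTERNS = [
    ("deleted", re.compile(r"^Registry (?P<kind>key|value) (?P<target>.+) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry (?P<kind>key|value) (?P<target>.+) not found\.$")),
    ("read_error", re.compile(r"^Registry error reading (?P<kind>value) (?P<target>.+?) ?\.$")),
    ("pending_reboot", re.compile(r"^(?P<kind>File) move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
]

# Excerpt of the fix log posted above.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}\DownloadInformation\\INF .
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\msnmgr.exe deleted successfully.
File move failed. C:\WINDOWS\msnmgr.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\msnmgr.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\msnmgr.exe scheduled to be moved on reboot.
"""


def parse_fix_log(text):
    """Turn fix-log lines into Action records tagged with their section."""
    section, actions = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name") or header.group("reboot")
            continue
        for outcome, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                actions.append(Action(section, outcome,
                                      match.group("kind").lower(),
                                      match.group("target")))
                break
    return actions


def unresolved(actions):
    """Group the items the log does not confirm as fixed."""
    pending = {a.target for a in actions if a.outcome == "pending_reboot"}
    # Assumption: entries under an "... on Reboot" heading come from the reboot pass.
    failed = {a.target for a in actions
              if a.outcome == "pending_reboot"
              and a.section and a.section.endswith("on Reboot")}
    return {
        "failed_at_reboot": sorted(failed),
        "queued_for_reboot": sorted(pending - failed),
        "read_errors": [a.target for a in actions if a.outcome == "read_error"],
    }


if __name__ == "__main__":
    for group, items in unresolved(parse_fix_log(FIX_LOG)).items():
        print(group, items)
```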


Re: trojan.win32.buzus.diya removal

Post by Belahzur on Fri Mar 05, 2010 11:08 pm

Hmm, that file isn't wanting to go without a fight, okay then, let's get the bigger weapons out.

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: trojan.win32.buzus.diya removal

Post by slandoulsi on Sat Mar 06, 2010 2:20 pm

Hi

Here is combofix.txt

========================

ComboFix 10-03-05.03 - Skander Landoulsi 06/03/2010 15:00:41.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1497 [GMT 1:00]
Lancé depuis: c:\documents and settings\Skander Landoulsi\Bureau\Combo-Fix.exe
AV: Pack Sécurité SFR 7.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Pack Sécurité SFR 7.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-06 au 2010-03-06 ))))))))))))))))))))))))))))))))))))
.

2010-03-05 20:41 . 2010-03-05 20:41 -------- d-----w- C:\_OTL
2010-03-04 07:45 . 2010-03-04 07:45 -------- d-----w- c:\documents and settings\Skander Landoulsi\Local Settings\Application Data\Yahoo!
2010-03-04 01:25 . 2010-03-04 01:25 -------- d--h--w- c:\windows\PIF
2010-03-02 00:15 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 18:41 . 2006-01-27 19:37 -------- d-----w- c:\documents and settings\Skander Landoulsi\Application Data\Skype
2010-03-04 07:55 . 2005-09-01 05:53 96874 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-04 07:55 . 2005-09-01 05:53 539150 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-03 11:16 . 2005-12-08 22:09 -------- d-----w- c:\program files\Dl_cats
2010-02-10 23:29 . 2008-05-29 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 20:47 . 2005-12-08 20:31 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-21 11:40 . 2009-09-16 00:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-31 16:50 . 2005-12-04 16:08 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2005-09-01 05:53 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2005-12-10 10:56 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2005-09-01 05:53 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:08 . 2005-09-01 05:53 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:08 . 2004-08-04 00:48 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"F-Secure Manager"="c:\program files\Pack Securite SFR\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Pack Securite SFR\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/08/2007 10:29 51072]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Pack Securite SFR\HIPS\fshs.sys [11/08/2007 10:28 41184]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Pack Securite SFR\Anti-Virus\minifilter\fsgk.sys [11/08/2007 10:28 77824]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [24/02/2005 11:29 162176]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [14/09/2006 22:26 379456]
S3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [27/04/2006 22:46 969728]
S3 TV_551805_Sp50;TV_551805_Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\TV_551805_Sp50.sys [24/07/2007 22:06 27072]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Pack Securite SFR\Anti-Virus\win2k\fsfilter.sys [11/08/2007 10:28 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Pack Securite SFR\Anti-Virus\win2k\fsrec.sys [11/08/2007 10:28 25456]
.
Contenu du dossier 'Tâches planifiées'

2005-12-08 c:\windows\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-09-01 02:34]

2010-03-06 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PACKSE~2\ANTI-V~1\fsav.exe [2007-08-11 11:42]
.
.
------- Examen supplémentaire -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title =
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} - [You must be registered and logged in to see this link.]
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Skander Landoulsi\Application Data\Mozilla\Firefox\Profiles\wb7z3q7s.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Skander Landoulsi\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-SetDefaultMIDI - MIDIDef.exe
HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-06 15:04
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\program files\Pack Securite SFR\FWES\Program\fsdc.dll

- - - - - - - > 'lsass.exe'(916)
c:\program files\Pack Securite SFR\FWES\Program\fsdc.dll

- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(836)
c:\program files\Pack Securite SFR\FWES\Program\fsdc.dll
.
Heure de fin: 2010-03-06 15:06:07
ComboFix-quarantined-files.txt 2010-03-06 14:06

Avant-CF: 82 201 964 544 octets libres
Après-CF: 82 364 092 416 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 96A47FE78DEE5F929203A62ECF4C8989


Re: trojan.win32.buzus.diya removal

Post by Belahzur on Sat Mar 06, 2010 3:57 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: trojan.win32.buzus.diya removal

Post by slandoulsi on Sun Mar 07, 2010 11:19 am

Hello

ESET didn't detect any threat but F-Secure still finds the trojan.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d5f6734a6dd11046aaa16bbe48902d61
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-06 06:22:47
# local_time=2010-03-06 07:22:47 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 3783 3783 0 0
# scanned=83527
# found=0
# cleaned=0
# scan_time=3892
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d5f6734a6dd11046aaa16bbe48902d61
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-06 11:31:58
# local_time=2010-03-07 12:31:58 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 21342 21342 0 0
# scanned=27881
# found=0
# cleaned=0
# scan_time=4948
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d5f6734a6dd11046aaa16bbe48902d61
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-03-07 03:11:18
# local_time=2010-03-07 04:11:18 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 26328 26328 0 0
# scanned=84343
# found=0
# cleaned=0
# scan_time=13091


Re: trojan.win32.buzus.diya removal

Post by Belahzur on Sun Mar 07, 2010 8:12 pm

Hello.

Does F-Secure say where?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: trojan.win32.buzus.diya removal

Post by slandoulsi on Mon Mar 08, 2010 12:40 pm

Hello

I'm not sure I understand what actually happened: I ran ESET, which didn't find anything; at the end of the scan F-Secure popped up saying that it had detected the virus. That's what I wrote to you. But after that I realized that the virus was quarantined, so I clicked on "clean the threat" and this time it succeeded. I scanned the full computer one more time and no threats were detected.
So I guess it is clean now, isn't it?


Re: trojan.win32.buzus.diya removal

Post by Belahzur on Mon Mar 08, 2010 4:51 pm

Okay then, this should be fine now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.

