Virus that disables antivirus

Solved
lenormand49 (Member, 115 posted messages)
Hello,
I have a virus on my computer that blocks the startup of the antivirus (PC-cillin 12) and Spybot.
When I try to start the antivirus manually, an error message appears for a few seconds, saying that there is a conflict between the antivirus and an installed software.
I attempted to boot in safe mode, but the computer crashes (blue screen).
Can someone help me? I'm in deep trouble here...
Thanks
Configuration: Windows XP Pro Firefox 3.5.6

38 answers

  1. Anonymous user
     
    Follow this on the infected PC. You have quite a few infections, including BAGLE. Normally, after running the first tool (FindyKill), you should be able to connect to the internet:

    • Download FindyKill on the Desktop:
    http://findykill.changelog.fr/Setup.exe
    or
    http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
    • Double-click on FindyKill located on the Desktop.
    • Choose option 2 (removal).
    • Let the tool work.

    • Then post the FindyKill.txt report that will appear (if you have created a thread on a forum to get help).
    • Note: The FindyKill.txt report is saved at the root of the disk (C:\FindyKill.txt).

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    • Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.
    • Tutorial: http://pagesperso-orange.fr/NosTools/index.html
    Note: the UAC in Vista no longer interferes with FindyKill.

    Download USBFIX on your desktop:
    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    or here:
    https://www.ionos.fr/?affiliate_id=77097

    /!\ Connect to your PC, without opening them, any external data sources (USB flash drive, external hard drive, etc.) that may have been infected.

    • Double click on the UsbFix shortcut on your desktop.
    • Choose option 2 (removal)
    • Let the tool work.

    • Then post the UsbFix.txt report that will appear.
    • Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    • Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
    It is not a virus, but a utility intended to terminate processes.

    • Tutorial: http://pagesperso-orange.fr/nostools/tuto_usbfix2.html
    2
  2. Anonymous user
     
    /!\ Warning:
    This software should only be used as prescribed by a qualified helper trained in the tool.
    Do not use it outside of this scenario: dangerous!


    Download ComboFix from this link:
    https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
    or here:
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    To read:
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ► And importantly, save it to the desktop.
    Before using ComboFix:
    ► Disconnect from the internet and close all open program windows.
    ► Temporarily disable, only for the duration of the ComboFix run, the real-time protection of your antivirus and antispyware programs, which can severely interfere with the tool's scanning and cleaning process.
    Once done, double-click on Combofix.exe on your desktop.
    - Respond yes to the warning message, so the program can start scanning the PC.

    /!\ During this step, do not use the PC and do not open any programs.
    - At the end of the scan, it is possible that ComboFix will need to restart the PC to finalize the disinfection/search, let it do so.
    - A report will then open in Notepad (this report file, Combofix.txt, is automatically saved at C:\Combofix.txt).
    ► Reactivate the real-time protection of your Antivirus and Antispywares before reconnecting to the internet.
    ► Go back to the forum, and copy and paste all the content of C:\Combofix.txt into your next message.

    If it does not work, delete ComboFix from your desktop and download jacombo, which is ComboFix renamed, from the link below. This makes it possible to counter certain infections. Put it on your desktop and follow the instructions given in the ComboFix procedure.

    http://sd-1.archive-host.com/membres/up/89820622056365782/jacombo.exe

    • Download Malwarebytes' Anti-Malware:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    or here: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    . on the page click on Download Malwarebytes' Anti-Malware
    . save it to the desktop
    . Double click on the downloaded file to start the installation process.
    . In the "update" tab, click on the Check for updates button
    . if the firewall asks for permission to connect for Malwarebytes, accept
    . Once the update is complete
    . go to the Scan tab
    . Select Run a complete scan
    . Click on Scan
    . The scan starts.
    . At the end of the scan, a message will appear: The scan has completed normally. Click on 'Show results' to display all found items.
    . Click Ok to continue.
    . If any malware were detected, click on Show results
    . Select all (or leave checked) and click on Delete selection. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
    . Malwarebytes will open Notepad and copy the scan report there.
    . go to the report/log tab
    . click on the report to display it
    . once it is displayed, click on edit at the top of Notepad, then select all
    . click on edit again and then click on copy, then go back to the forum and to your reply
    . Right-click in the response box and paste
    . At the end of the scan, it may be that MBAM needs to restart the PC to finalize the deletion, so don't panic, restart your PC!!!

    If you need help, check this tutorial:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    1
  3. Anonymous user
     
    download Ccleaner from this address

    https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

    .save it to the desktop
    .double-click on the file to start the installation
    .in the installation window, select French for the language and click OK
    .click next
    .read the license and accept
    .click next
    .here, check only the options to create a shortcut on the desktop and to automatically check for Ccleaner updates
    .click install
    .click close
    .double-click on the Ccleaner icon to open it
    .once open, click on options and then advanced
    .uncheck "delete only files from the Windows temp folder older than 48 hours"
    .click on cleaner
    .click on Windows and in the advanced column
    .check the first box for old prefetch data and ensure that the box for old prefetch data is selected and the advanced box is automatically checked, but just that one
    .click analyze once the analysis is complete
    .click on run cleaner and on the confirmation request click OK. You will need to do it again once finished, check again by clicking analyze to make sure there’s nothing left
    .now click on registry and then on search for issues
    .leave everything checked and click on fix selected issues
    .it will ask you to save, click YES
    .give it a name so you can find it and save
    .click on fix all selected issues and on the confirmation request click OK
    .it will delete and close. Check again by restarting the search for issues
    .go back to options and check again the box for "delete only files from the Windows temp folder older than 48 hours" and in cleaner, Windows under advanced uncheck the first box for old prefetch data
    .you can close Ccleaner

    at the end of this operation, let me know how the pc is functioning :-)
    1
  4. Anonymous user
     
    very well :-)
    download Ccleaner from this address

    https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

    .save it on the desktop
    .double-click on the file to start the installation
    .in the installation window, choose French for the language and click OK
    .click on Next
    .read the license and click on I accept
    .click on Next
    .here, keep only the options to create a shortcut on the desktop and automatically check for Ccleaner updates checked
    .click on install
    .click on close
    .double-click on the Ccleaner icon to open it
    .once open, click on options and then advanced
    .uncheck erase only files from the Windows temp folder older than 48 hours
    .click on cleaner
    .click on Windows and in the advanced column
    .check the first box old data from prefetch, so that gives you the old data from prefetch box and the advanced box which is checked automatically but only that one
    .click on analyze once the analysis is complete
    .click on run the cleaning and on the confirmation prompt OK, you will need to do this again, once finished, check again by clicking analyze to make sure there is nothing left
    .now click on registry and then on search for errors
    .leave everything checked and click on repair the selected errors
    .it will ask you whether to back up: click YES
    .give it a name so you can find it and save
    .click on fix all selected errors and on the confirmation prompt OK
    .it deletes and closes, check by rerunning search for errors
    .go back to options and check the box erase only files from the Windows temp folder older than 48 hours again and in cleaner, Windows under advanced, uncheck the first box old data from prefetch
    .you can close Ccleaner

    • To uninstall the disinfection tools we used:

    Download ToolsCleaner2--> http://pc-system.fr/
    -Once downloaded, install it and run it
    -Click on Search and let the scan finish
    -Click on DELETE
    -Click on Exit so the report can be created
    -Send me the report located here--> C:\TCleaner.txt

    • Deactivating, then Reactivating system restore after disinfection:

    It is necessary to deactivate and then reactivate system restore to purge it because restore points may be infected:
    For XP: https://www.commentcamarche.net/faq/5097-virus-system-volume-information

    For Vista: https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista

    For Windows 7:

    https://www.commentcamarche.net/informatique/windows/147-restaurer-windows-avec-les-points-de-restauration/

    create a new system restore point, it can be useful ;-)

    give me updates on the functioning of the pc :-)
    1
  5. Anonymous user
     
    Hello,
    Are you able to restart your PC?
    If yes, follow this and post the reports:

    • Download random's system information tool (RSIT) and save it to your desktop.
    http://images.malwareremoval.com/random/RSIT.exe

    Tutorial: https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
    Double click on RSIT.exe to run the tool.
    Click 'continue' on the Disclaimer screen.
    If the HijackThis tool (updated version) is not present or not detected on the computer, RSIT will download it and you will need to accept the license.
    Once the scan is finished, 2 reports will appear. Post the content of the 2 reports separately. They are located on c:
    (log.txt & info.txt)
    (CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste)
    0
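A triage pass over the registry dump that RSIT writes to log.txt, where autorun values appear as `"name"=path [date size]` under their registry key. This is an added example, not part of the original thread and not RSIT's own code. The sample log is constructed, and the list of system binary names, the `C:\WINDOWS\system32` location and the cluster threshold of three are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the layout of an RSIT log.txt registry dump.
# Names, paths, dates and sizes are invented for illustration.
SAMPLE_LOG = r'''
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"=C:\Program Files\Example\updater.exe [2009-10-11 149280]
"ExampleTray"=C:\WINDOWS\system32\extray.exe [2008-04-14 143872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Logman"=C:\DOCUME~1\USER~1\LOCALS~1\APPLIC~1\logman.exe [2009-12-20 95232]
"Cisvc"=C:\WINDOWS\cisvc.exe [2009-12-20 95232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Mstsc"=C:\DOCUME~1\USER~1\LOCALS~1\Temp\mstsc.exe [2009-12-20 95232]

======File associations======
'''

# Assumption: Windows binaries that normally live only in system32.
SYSTEM_BINARY_NAMES = {"logman.exe", "cisvc.exe", "mstsc.exe", "cmstp.exe",
                       "esentutl.exe", "spoolsv.exe", "ctfmon.exe"}
SYSTEM_DIR = "c:\\windows\\system32"  # assumption: default install location
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\applic~1\\",
                         "\\local settings\\", "\\application data\\")

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"=(?P<cmd>.*?)\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})?\s*(?P<size>\d+)?\]$')
IMAGE_RE = re.compile(
    r'^"?(.+?\.(?:exe|dll|cpl|scr|bat|cmd|com|pif))(?=["\s]|$)', re.I)


def parse_autoruns(text):
    """Return the values found under ...\\Run keys in the registry dump."""
    entries, key, in_dump = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======"):          # section banner
            in_dump = line.startswith("======Registry dump")
            key = None
            continue
        if not in_dump or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            image = IMAGE_RE.match(m.group("cmd"))  # drop arguments, if any
            entries.append({
                "key": key,
                "name": m.group("name"),
                "path": image.group(1) if image else m.group("cmd"),
                "date": m.group("date"),
                "size": int(m.group("size")) if m.group("size") else None,
            })
    return entries


def triage(entries):
    """Return (name, path, reasons) for every entry that deserves a review."""
    # Differently named files sharing one date and size suggest copies of one binary.
    clusters = defaultdict(set)
    for e in entries:
        if e["size"] is not None:
            clusters[(e["date"], e["size"])].add(ntpath.basename(e["path"]).lower())
    findings = []
    for e in entries:
        path = e["path"].lower()
        base = ntpath.basename(path)
        reasons = []
        if e["key"].lower().endswith("\\policies\\explorer\\run"):
            reasons.append("policies-run-key")
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            reasons.append("user-writable-dir")
        if base in SYSTEM_BINARY_NAMES and ntpath.dirname(path) != SYSTEM_DIR:
            reasons.append("system-name-outside-system32")
        if e["size"] is not None and len(clusters[(e["date"], e["size"])]) >= 3:
            reasons.append("identical-size-cluster")
        if reasons:
            findings.append((e["name"], e["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"{name:8} {path}  <- {', '.join(reasons)}")
```

The reasons are review signals, not verdicts: a `Policies\Explorer\Run` value can be set legitimately by policy, so each flagged entry still needs to be checked against the file on disk.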
  6. lenormand49 Posted messages 115 Status Member 8
     
    small clarification: the infected computer is currently disconnected from the internet. I am working on another machine.
    Here is the log
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Admin at 2010-01-07 17:52:19
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 25 GB (25%) free of 100 GB
    Total RAM: 2046 MB (73% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
    "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-05-05 14396416]
    "RemoteControl"=C:\WINDOWS\system32\rmctrl.exe [2000-10-16 32768]
    "pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2010-01-07 823361]
    "Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [2001-06-19 200704]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
    "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
    "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]
    "EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-10-04 35328]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [2005-01-09 858624]
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-09-15 37888]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
    "ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232]
    "UPSMS"=C:\Program Files\Commander Pro\UPSMS.exe [2009-06-28 114688]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
    "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
    "IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-11-19 128352]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Logman"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\logman.exe [2009-12-20 95232]
    "rsvp"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\rsvp.exe [2009-12-20 95232]
    "ComRepl"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\comrepl.exe [2009-12-20 95232]
    "DllHst"=C:\WINDOWS\dllhst3g.exe [2009-12-20 95232]
    "Spool"=C:\DOCUME~1\ADMIN~1.XPS\A [2007-10-01 14582]
    "Cisvc"=C:\WINDOWS\cisvc.exe [2009-12-20 95232]
    "CmSTP"=C:\DOCUME~1\ADMIN~1.XPS\A [2007-10-01 14582]
    "Esent Utl"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\esentutl.exe [2009-12-20 95232]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "NCLaunch"=C:\WINDOWS\NCLAUNCH.EXe [2007-03-19 40960]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2005-01-09 858624]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "CmSTP"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\cmstp.exe [2009-12-20 95232]
    "Mstsc"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe [2009-12-20 95232]
    "MstInit"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\mstinit.exe [2009-12-20 95232]
    "Cisvc"=C:\WINDOWS\cisvc.exe [2009-12-20 95232]
    "Logman"=C:\WINDOWS\logman.exe [2009-12-20 95232]
    "ComRepl"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe [2009-12-20 95232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-04-14 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2004-07-09 1249280]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    WiFi Station for Livebox.lnk - C:\Program Files\Hercules\WiFi Station for Livebox\WifiStationLB.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Start Menu\Programs\Startup
    GM_DevUpdate.lnk - C:\Program Files\HAMA Joystick Outlandish\GM_DevUpdate.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispScrSavPage"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=95000000
    "NoSMHelp"=1
    "MemCheckBoxInRunDlg"=1
    "NoSMBalloonTip"=1
    "NoDesktopCleanupWizard"=1
    "NoWelcomeScreen"=1
    "NoAutoUpdate"=1
    "NoBandCustomize"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Westwood\SUN\GAME.ICD"="C:\Program Files\Westwood\SUN\GAME.ICD:*:Enabled:Main executable for Tiberian Sun"
    "C:\Program Files\Westwood\SUN\Game.exe"="C:\Program Files\Westwood\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
    "C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber"
    "C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\Program Files\Valve\Half Life 2\hl2.exe"="C:\Program Files\Valve\Half Life 2\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Half-Life\hl.exe"="C:\Program Files\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Half-Life\hlupdate.exe"="C:\Program Files\Half-Life\hlupdate.exe:*:Enabled:hlupdate.exe"
    "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
    "C:\Program Files\EA Games\Command and Conquer Generals\game.dat"="C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe"="C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:*:Enabled:Rise Of Legends"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule iONiX Mod"
    "C:\Program Files\EA Games\Command & Conquer Generals - Heure H\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals - Heure H\game.dat:*:Enabled:game"
    "%windir%\system32\dpvsetup.exe"="%windir%\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "%windir%\system32\rundll32.exe"="%windir%\system32\rundll32.exe:*:Enabled:Run a DLL as an Application"
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Audio Windows Media(TM) (wma)"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\WINDOWS\Temp\occ.exe"="C:\WINDOWS\Temp\occ.exe:*:Enabled:OneCC Module"
    "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
    "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
    "C:\Program Files\The Gladiators\The Gladiators.exe"="C:\Program Files\The Gladiators\The Gladiators.exe:*:Enabled:The Gladiators"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Temp\.ttB.tmp"="C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Temp\.ttB.tmp:*:Enabled:enable"
    "C:\WINDOWS\system32\sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable"
    "C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe"="C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit"
    "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars™"
    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Temp\ElectronicArts_Patcher_000.exe"="C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
    "C:\Program Files\Electronic Arts\Command & Conquer(tm) 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat"="C:\Program Files\Electronic Arts\Command & Conquer(tm) 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:*:Enabled:Command & Conquer(tm) 3: Kane's Wrath"
    "C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars™"
    "C:\Program Files\Commander Pro\jre\bin\javaw.exe"="C:\Program Files\Commander Pro\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\Codemasters\Heroes of the Pacific\Heroes.exe"="C:\Program Files\Codemasters\Heroes of the Pacific\Heroes.exe:*:Enabled:Heroes Of The Pacific"
    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\NOV1.EXE"="C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\NOV1.EXE:*:Enabled:NovaLogic Registration"
    "C:\Program Files\NovaLogic\Comanche 4\Update.exe"="C:\Program Files\NovaLogic\Comanche 4\Update.exe:*:Enabled:Update"
    "C:\Program Files\NovaLogic\Comanche 4\c4.exe"="C:\Program Files\NovaLogic\Comanche 4\c4.exe:*:Enabled:c4"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Kylotonn Entertainment\Bet on Soldier Multiplayer Demo\BoS.exe"="C:\Program Files\Kylotonn Entertainment\Bet on Soldier Multiplayer Demo\BoS.exe:*:Enabled:BoS"
    "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp88\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp88\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp89\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp89\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp90\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp90\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp91\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp91\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp92\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp92\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp93\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp93\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp94\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp94\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp95\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp95\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp96\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp96\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp97\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp97\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp98\mdm.exe"="C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\~temp\mlp98\mdm.exe:*:Enabled:UpdateWizzard"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9449eda2-f6ec-11de-877f-001583f2180d}]
    shell\AutoRun\command - G:\setup.exe

    ======File associations======

    .reg - open - regedit.exe "%1" %*
    .scr - open - "%1" %*

    ======List of files/folders created in the last 1 months======

    2010-01-07 17:45:09 ----D---- C:\rsit
    2010-01-07 16:46:16 ----A---- C:\WINDOWS\dllhst3g.exe
    2010-01-06 22:06:15 ----HD---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m
    2010-01-06 21:33:58 ----HD---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers
    2010-01-06 06:41:03 ----A---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\spoolsv.exe
    2010-01-02 16:53:11 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
    2010-01-02 16:53:11 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
    2010-01-02 16:53:09 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
    2010-01-02 16:53:08 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
    2010-01-02 16:53:08 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
    2010-01-02 16:53:08 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
    2010-01-02 16:53:07 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
    2010-01-02 11:27:06 ----A---- C:\WINDOWS\logman.exe
    2009-12-28 08:37:35 ----A---- C:\WINDOWS\spoolsv.exe
    2009-12-28 08:37:35 ----A---- C:\WINDOWS\ieudinit.exe
    2009-12-28 08:37:35 ----A---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\mstsc.exe
    2009-12-20 10:31:56 ----A---- C:\WINDOWS\cisvc.exe
    2009-12-19 00:41:41 ----A---- C:\WINDOWS\game.ini
    2009-12-19 00:31:56 ----D---- C:\Program Files\Activision
    2009-12-16 19:07:58 ----D---- C:\Program Files\Soldier of Fortune II - SP Demo
    2009-12-13 16:54:32 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
    2009-12-13 16:54:32 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
    2009-12-13 16:54:31 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
    2009-12-13 16:54:31 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
    2009-12-13 16:54:31 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
    2009-12-13 16:54:30 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
    2009-12-13 16:54:30 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
    2009-12-13 16:54:29 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
    2009-12-13 16:54:29 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
    2009-12-13 16:54:28 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
    2009-12-13 16:54:28 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
    2009-12-13 16:54:28 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
    2009-12-13 16:54:27 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
    2009-12-13 16:54:26 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
    2009-12-13 16:54:26 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
    2009-12-13 16:54:26 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
    2009-12-13 16:54:26 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
    2009-12-13 16:54:25 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
    2009-12-13 16:54:25 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
    2009-12-13 16:54:25 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
    2009-12-13 16:54:24 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
    2009-12-13 16:54:23 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
    2009-12-13 16:54:23 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
    2009-12-13 16:54:23 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-12-13 16:54:23 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-12-13 16:54:22 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-12-13 16:54:18 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
    2009-12-13 16:53:33 ----D---- C:\WINDOWS\Logs
    2009-12-12 00:56:13 ----D---- C:\WINDOWS\system32\AGEIA
    2009-12-12 00:56:12 ----D---- C:\Program Files\AGEIA Technologies
    2009-12-11 20:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
    2009-12-09 07:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
    2009-12-09 07:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
    2009-12-09 07:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
    2009-12-09 07:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
    2009-12-09 07:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

    ======List of files/folders modified in the last 1 months======

    2010-01-07 17:47:16 ----D---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\Skype
    2010-01-07 16:46:23 ----D---- C:\WINDOWS\system32\Lang
    2010-01-07 16:46:16 ----D---- C:\WINDOWS
    2010-01-07 16:45:08 ----D---- C:\WINDOWS\system32\drivers
    2010-01-07 16:42:49 ----D---- C:\WINDOWS\Temp
    2010-01-06 22:29:42 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-01-06 22:28:18 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2010-01-06 22:14:59 ----D---- C:\Program Files\microsoft frontpage
    2010-01-06 22:14:02 ----D---- C:\Program Files\FileZilla
    2010-01-06 22:13:30 ----D---- C:\Program Files\eMule
    2010-01-06 22:10:09 ----D---- C:\Program Files\BitTorrent
    2010-01-06 22:08:55 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-06 21:35:00 ----D---- C:\WINDOWS\system32
    2010-01-06 21:29:00 ----RD---- C:\Program Files
    2010-01-06 20:56:23 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-06 19:37:50 ----D---- C:\Program Files\Commander Pro
    2010-01-05 18:30:00 ----SHD---- C:\WINDOWS\Installer
    2010-01-05 18:29:19 ----SHD---- C:\Config.Msi
    2010-01-05 18:29:12 ----HD---- C:\WINDOWS\inf
    2010-01-05 18:29:12 ----D---- C:\WINDOWS\system32\DirectX
    2010-01-05 18:28:55 ----RSD---- C:\WINDOWS\assembly
    2010-01-04 19:11:22 ----D---- C:\WINDOWS\Prefetch
    2010-01-04 19:01:14 ----D---- C:\Program Files\SpywareBlaster
    2010-01-03 23:26:33 ----A---- C:\WINDOWS\NeroDigital.ini
    2010-01-02 23:06:51 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2010-01-02 23:06:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2010-01-02 16:50:21 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-01-01 11:40:44 ----SD---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\Microsoft
    2009-12-30 08:56:05 ----D---- C:\WINDOWS\system
    2009-12-21 19:29:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-12-21 13:35:41 ----D---- C:\WINDOWS\Debug
    2009-12-21 13:33:21 ----D---- C:\XtremeAirDemo
    2009-12-21 13:32:56 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ulead Systems
    2009-12-21 13:32:55 ----RSD---- C:\WINDOWS\Fonts
    2009-12-21 13:32:55 ----D---- C:\Program Files\Common Files
    2009-12-21 13:31:35 ----D---- C:\Program Files\Common Files\Real
    2009-12-21 13:31:27 ----D---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\Real
    2009-12-21 13:30:57 ----D---- C:\Program Files\CyberLink
    2009-12-21 13:30:43 ----D---- C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\Panasonic
    2009-12-18 19:21:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2009-12-15 23:19:50 ----D---- C:\Program Files\Canon
    2009-12-13 13:47:17 ----D---- C:\temp
    2009-12-12 00:57:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-12-12 00:56:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-12-12 00:55:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-12-11 22:56:30 ----D---- C:\WINDOWS\AppPatch
    2009-12-11 20:45:29 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-09 09:37:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-12-09 07:00:55 ----D---- C:\Program Files\Internet Explorer
    2009-12-09 07:00:48 ----D---- C:\WINDOWS\ie8updates
    2009-12-09 06:56:02 ----D---- C:\WINDOWS\system32\CatRoot

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;HID Keyboard Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 sK9Ou0s;sK9Ou0s; \??\C:\WINDOWS\system32\srosa2.sys []
    R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
    R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
    R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
    R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
    R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 GMFilter;GMFilter HID Filter Driver; C:\WINDOWS\system32\DRIVERS\GMFilter.sys [2005-08-23 21760]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    0
  7. Anonymous user
     
    HijackThis download failed

    do it separately

    • - Hijackthis - Diagnostic and repair tool
    download HijackThis here:
    http://telechargement.zebulon.fr/138-hijackthis-1991.html
    Unzip it into a designated folder.
    For example C:\hijackthis < Make sure to save it in c: !
    Launch it then:
    click on "do a system scan and save logfile" (see demo)
    copy and paste the entire log onto the forum
    Demo: (Thanks to Balltrap34 for this creation)
    http://www.tutoriaux-excalibur.com/hijackthis.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
    0
  8. lenormand49 Posted messages 115 Status Member 8
     
    It doesn't work.
    I installed hijack under C: and when I launch it, the computer freezes; I have to stop hijack with the task manager.
    I tried renaming hijack afterward: same result.
    0
  9. lenormand49 Posted messages 115 Status Member 8
     
    here you go for findykill

    ```

    ############################## | FindyKill V5.023 |

    # User : Admin (Users) # CYBER2006
    # Update on 31/12/2009 by El Desaparecido
    # Start at: 18:45:17 | 07/01/2010
    # Website : http://pagesperso-orange.fr/NosTools/index.html
    # Contact : FindyKill.Contact@gmail.com

    # Intel(R) Pentium(R) 4 CPU 3.00GHz
    # Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled
    # AV : Trend Micro PC-cillin Internet Security 12 12.0.1364 [ Enabled | Updated ]
    # FW : Trend Micro PC-cillin Internet Security 12[ Enabled ]12

    # A:\ # 3.5-inch floppy disk
    # C:\ # Local hard drive # 97.66 Go (24.12 Go free) # NTFS
    # D:\ # Local hard drive # 135.22 Go (12.35 Go free) [Docs] # NTFS
    # E:\ # CD-ROM Drive # 2.27 Go (0 Mo free) [TQIT] # UDF
    # F:\ # CD-ROM Drive
    # M:\ # Removable disk
    # N:\ # Removable disk
    # O:\ # Removable disk
    # P:\ # Removable disk

    ############################## | Active Processes |

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\Commander Pro\UPServ.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Commander Pro\UPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## | C: |

    Deleted! E:\"autorun.inf"

    ################## | C:\WINDOWS |

    Deleted! C:\WINDOWS\mdelk.exe
    Deleted! C:\WINDOWS\system32\mdelk.exe
    Deleted! C:\WINDOWS\wintems.exe
    Deleted! C:\WINDOWS\system32\wintems.exe

    ################## | C:\WINDOWS\system32 |

    Deleted! C:\WINDOWS\system32\ban_list.txt
    Deleted! C:\WINDOWS\system32\srosa2.sys
    Deleted! C:\WINDOWS\system32\wfsintwq.sys

    ################## | C:\WINDOWS\system32\drivers |

    ################## | C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data |

    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7132265.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7132531.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7132828.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7133062.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7133359.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7149890.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7150953.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7153484.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7153750.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7170515.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7172718.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7173375.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7174062.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7175375.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7180906.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7181828.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7182109.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7182453.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7182828.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7183359.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7183765.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7184296.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7184484.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7184796.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7185265.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7185765.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7186078.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7186453.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7186625.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7186921.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7187625.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7188359.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7188625.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7188937.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7189250.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7189687.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7196046.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7202781.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7203515.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7206562.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7206921.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7207359.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7208281.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7212359.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7212703.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7215109.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7215484.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7215921.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7216187.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7216515.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7216765.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7217109.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7217265.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7217546.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7218234.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7219796.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7220593.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7221437.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7221687.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7221984.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7222187.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7222500.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7223625.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7224734.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7224984.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7225296.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7229875.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7233578.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7234312.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7235109.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7235734.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7236406.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7236656.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7236968.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7238218.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7238984.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7239140.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7239484.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7239750.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7240046.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7240609.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7240906.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld\7241546.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\downld
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers\winupgro.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\drivers
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\data.oct
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\flec006.exe
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\list.oct
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\3-Clicks 1.0 Build 29.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\3D Angels in Heaven Screensaver 1.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\4-Sight Fax 7.0.3r1-key.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\A and G Grapher v4.01 by Lz0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\A+ Web ScreenSaver v2.0.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Abac v1.1 for PalmOS 5.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Acala DVD Ripper PSP Bundle 3.0.3.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Ace File Search 1.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Activ E-Book Compiler v3.02 by RAC.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Active Network Monitor v2.01 Cracked WinAll by HS.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\AdBeGone v1.2.0.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Address Monitor 2.1.2.4.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\AdventNet QEngine Professional v4.1.3 Linux Incl Keymaker by AGAiN.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Aesop GIF Creator v1.02.302 Loader by DBC.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\AIXcoustic Creations ElectriQ VST v1.5.4 incl KeyGen READ NFO ABOUT PLZ by BEAT.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Allaire ColdFusion Studio v4.5.1 Fixed.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Amibook v1.8 Cracked by QUARTEX.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Antivirus Home - Client 4.1.357 (Serial).zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Any Video Converter Pro v2.5.5 by p1n0yak0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Ap PDF Stamp v2.2.0 DateCode 06012005 Keygen Only by BRD.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Apex True DBGrid Pro 6.0b.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\AppSense Management Suite v7.1.101.0 Incl Keymaker by AGAiN.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\ArGoSoft Mail Server Plus 1.6.2.3 (Serial).zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Barcode Win32 DLL.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\BestCrypt 6.04.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Bomberic v1.03 Christmas Edition by ICE-WAREZ.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\BPR v1.91-1.93.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\BS1 Small Business.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\BSplayer Pro v1.02.812 WinAll ReggedBLeH.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\BVS Solitaire Collection v2.6.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Cakewalk Sonar Home Studio v4 by SHOCK.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Caricatures PRO v4.4.0.1 French by RamdaM.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\CCS File Sentry v1.0 build 431.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\cheetah dvd burner 1.33 serial by TSRh.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\CleanCenter v1.35.05 Incl Keymaker by ACME.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\CondetSoft Game Packs v1.01 Retail for Pocket PC.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Cricket 2000 v1.0 [ENGLISH] CD-Copy Fixed EXE.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Cub Reporter 1.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\D I E XFEMily v6.5 Datecode 05252005 WinALL GERMAN by TBE.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Dream Collection 2.6.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\DreamenStudio iESpa v1.21 build 393 WinALL CrackedFNR.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Easy CD-DA Extractor Pro v11.5.0 build 1 Final by FFF.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Easy Desktop Keeper v2.2 by CiM.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Easy Screen Capture 2.0.4.27.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Easy-Fit ModelDesign 5.02.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Easymodel 2.3 (Serial).zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Echo On 1.0.3.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Eraser v1.4d.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Eric's Telnet 98 v5.2.1.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Exact Mouse 1.01 (Serial).zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\ExploreUrls 1.1 (Serial).zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Ezefee Pro UK 7.001.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Find It v4.00 by Embrace.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Firegraphic XP 5.0.415.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Flash LogoWizard 1.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\FlashControl 3.1.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\FolderWizard v1.2 WinAll Cracked by PirateK.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\FotoTime FotoAlbum Professional 4.5.0.3.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Foxy v1.6.6 by Core.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\GemX CalendarGem v1.3 WinALL Cracked by ARN.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Golden ComPass.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Great Invasions v1.0 +5 TRAINER.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\HashPuff v1.0.3 WinALL CrackedNGC.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\ICQ Pro 2003 build 3916 Full Patch by ven00m.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\IMarkup v3.93 by EMBRACE.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\inFantasy ScreenSaver Gallery 2.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Internet Password Pro 1.1.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Invisible Keylogger v1.3 by MP2K.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\iOrgSoft SWF Converter 1.6.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\iSkysoft DVD to Apple TV Converter build 1.5.30 by Bidjan.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\ISO Maker 1.8.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\JCheck 1.20 (Serial).zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\Joiner 1.04.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\KazStamp v9.0 build 9.0.27 Crack by FFF.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\KeyChanger 2.0.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\LEAD Capture and Convert v1.2 by DVT.zip
    Deleted! C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Application Data\m\shared\LogiXML LGX Info Server v6.1.1 by AGAiN.zip
    ```
    0
  10. lenormand49 Posted messages 115 Status Member 8
     
    voila

    ```

    ############################## | UsbFix V6.071 |

    User : Admin (Users) # CYBER2006
    Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 19:21:35 | 07/01/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.00GHz
    Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : Trend Micro PC-cillin Internet Security 12 12.0.1364 [ Enabled | Updated ]
    FW : Trend Micro PC-cillin Internet Security 12[ Enabled ]12

    A:\ -> 3.5 inch floppy drive
    C:\ -> Local disk # 97.66 Go (24.3 Go free) # NTFS
    D:\ -> Local disk # 135.22 Go (12.35 Go free) [Docs] # NTFS
    E:\ -> CD-ROM drive # 2.27 Go (0 Mo free) [TQIT] # UDF
    F:\ -> CD-ROM drive
    H:\ -> Removable drive # 3.76 Go (1.59 Go free) [KINGSTON] # FAT32
    M:\ -> Removable drive
    N:\ -> Removable drive
    O:\ -> Removable drive
    P:\ -> Removable drive

    ############################## | Active processes |

    C:\WINDOWS\System32\smss.exe 892
    C:\WINDOWS\system32\csrss.exe 944
    C:\WINDOWS\system32\winlogon.exe 968
    C:\WINDOWS\system32\services.exe 1012
    C:\WINDOWS\system32\lsass.exe 1024
    C:\WINDOWS\system32\nvsvc32.exe 1200
    C:\WINDOWS\system32\svchost.exe 1228
    C:\WINDOWS\system32\logonui.exe 1236
    C:\WINDOWS\system32\svchost.exe 1312
    C:\WINDOWS\System32\svchost.exe 1456
    C:\WINDOWS\system32\svchost.exe 1500
    C:\WINDOWS\system32\spoolsv.exe 1704
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 1748
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 1824
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1848
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe 1860
    C:\Program Files\Bonjour\mDNSResponder.exe 1896
    C:\WINDOWS\system32\svchost.exe 1932
    C:\WINDOWS\System32\svchost.exe 1972
    C:\Program Files\Java\jre6\bin\jqs.exe 232
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe 336
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 448
    C:\WINDOWS\system32\PnkBstrA.exe 508
    C:\WINDOWS\system32\PnkBstrB.exe 532
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe 556
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 596
    C:\WINDOWS\system32\svchost.exe 608
    C:\WINDOWS\System32\ups.exe 624
    C:\Program Files\Commander Pro\UPServ.exe 636
    C:\WINDOWS\system32\SearchIndexer.exe 1028
    C:\Program Files\Commander Pro\UPS.EXE 1684
    C:\WINDOWS\Explorer.EXE 2008
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe 564
    C:\WINDOWS\system32\wuauclt.exe 1960
    C:\WINDOWS\system32\wbem\wmiprvse.exe 2300

    ################## | Infectious elements |

    Deleted! C:\WINDOWS\spoolsv.exe
    Deleted! C:\log.txt
    Deleted! C:\Recycler\S-1-5-21-73586283-776561741-725345543-1003
    Deleted! D:\Recycler\S-1-5-21-73586283-776561741-725345543-1003
    Not deleted! E:\autorun.inf

    ################## | Registry |

    Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsMenu"

    ################## | Mountpoints2 |

    Deleted! HKCU\...\Explorer\MountPoints2\{9449eda2-f6ec-11de-877f-001583f2180d}\Shell\AutoRun\Command

    ################## | Listing of present files |

    [08/12/2005 16:17|---------|11] C:\AuResult.ini
    [08/12/2005 13:31|---------|0] C:\AUTOEXEC.BAT
    [01/06/2008 23:44|---hs----|212] C:\boot.ini
    [02/10/2001 19:15|-r-hs----|4952] C:\Bootfont.bin
    [01/05/2007 16:14|--a------|299] C:\clony.txt
    [08/12/2005 13:31|---------|0] C:\CONFIG.SYS
    [29/06/2008 22:00|--a------|120] C:\drmHeader.bin
    [20/01/2007 16:34|--a------|269] C:\INSTALL.LOG
    [08/12/2005 13:31|-r-hs----|0] C:\IO.SYS
    [04/07/2006 20:02|--a------|183] C:\LogiSetup.log
    [05/09/2006 18:29|--a------|6105] C:\lvcoinst.log
    [08/12/2005 13:31|-r-hs----|0] C:\MSDOS.SYS
    [03/08/2004 23:38|-r-hs----|47564] C:\NTDETECT.COM
    [10/05/2008 09:36|-r-hs----|252240] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [06/08/2006 13:45|--a------|34] C:\phot.ini
    [20/07/2008 01:15|--a------|254600] C:\rapport.txt
    [19/07/2008 19:34|--a------|254733] C:\rapport2.txt
    [08/12/2005 16:19|---------|90] C:\Realtek.log
    [08/12/2005 16:19|---------|396] C:\RtlSetup.log
    [27/03/2007 19:11|--a------|510] C:\s13c
    [23/03/2007 11:19|--a------|510] C:\s158
    [22/03/2007 10:31|--a------|510] C:\s1kg
    [29/03/2007 18:39|--a------|510] C:\s26g
    [25/03/2007 19:26|--a------|510] C:\s298
    [23/03/2007 23:19|--a------|510] C:\s2kk
    [22/03/2007 22:31|--a------|510] C:\s2l8
    [26/03/2007 06:40|--a------|510] C:\s2lk
    [28/03/2007 21:55|--a------|510] C:\s2r8
    [26/03/2007 19:11|--a------|510] C:\s2vs
    [27/03/2007 07:11|--a------|510] C:\s348
    [25/03/2007 07:26|--a------|510] C:\s370
    [29/03/2007 06:39|--a------|510] C:\s37k
    [26/03/2007 10:45|--a------|510] C:\s3k0
    [29/03/2007 19:14|--a------|510] C:\s3ss
    [28/03/2007 09:55|--a------|510] C:\s3v8
    [24/03/2007 17:27|--a------|510] C:\scs
    [07/10/2007 11:43|--a------|90] C:\Setup.log
    [21/07/2008 12:57|--a------|757] C:\TCleaner.txt
    [07/01/2010 19:25|--a------|5177] C:\UsbFix.txt
    [24/01/2007 01:04|-r-------|43] E:\autorun.inf
    [29/01/2007 23:10|-r-------|7903] E:\Build.log
    [29/01/2007 23:01|-r-------|6027395] E:\data1.cab
    [29/01/2007 23:01|-r-------|27350] E:\data1.hdr
    [29/01/2007 23:06|-r-------|2403760791] E:\data2.cab
    [14/11/2005 05:47|-r-------|528384] E:\Demo32.exe
    [04/12/2006 20:46|-r-------|553805] E:\engine32.cab
    [02/01/2007 02:03|-r-------|1712128] E:\GdiPlus.dll
    [21/10/2004 23:38|-r-------|126976] E:\launch.exe
    [02/01/2007 02:03|-r-------|68] E:\Launch.ini
    [29/01/2007 23:06|-r-------|1394] E:\layout.bin
    [02/01/2007 02:03|-r-------|40960] E:\psfind.dll
    [23/01/2007 21:04|-r-------|29380] E:\ReadMe_CZ.txt
    [23/01/2007 21:04|-r-------|16181] E:\ReadMe_DE.txt
    [23/01/2007 21:04|-r-------|15391] E:\ReadMe_ES.txt
    [23/01/2007 21:04|-r-------|15081] E:\ReadMe_FR.txt
    [23/01/2007 21:04|-r-------|15041] E:\ReadMe_IT.txt
    [23/01/2007 21:04|-r-------|14079] E:\ReadMe_PL.txt
    [23/01/2007 21:04|-r-------|29963] E:\ReadMe_RU.txt
    [24/01/2007 23:37|-r-------|12885] E:\ReadMe_US.txt
    [14/11/2005 09:24|-r-------|121064] E:\setup.exe
    [29/01/2007 23:01|-r-------|456860] E:\setup.ibt
    [29/01/2007 23:01|-r-------|580] E:\setup.ini
    [08/01/2007 21:00|-r-------|4240377] E:\setup.isn
    [24/01/2007 23:37|-r-------|2780713] E:\TQIT Launcher.dbd
    [27/01/2007 19:46|-r-------|23220] E:\TQIT Launcher.txt
    [24/01/2007 01:04|-r-------|3262] E:\tqit.ico
    [18/01/2007 20:06|-r-------|23043] E:\TQ_EULA_CZE.txt
    [18/01/2007 20:06|-r-------|23043] E:\TQ_EULA_English.txt
    [18/01/2007 20:06|-r-------|20637] E:\TQ_EULA_FRA.txt
    [18/01/2007 20:06|-r-------|19620] E:\TQ_EULA_GER.txt
    [18/01/2007 20:06|-r-------|20392] E:\TQ_EULA_ITA.txt
    [18/01/2007 20:06|-r-------|23043] E:\TQ_EULA_POL.txt
    [18/01/2007 20:06|-r-------|23043] E:\TQ_EULA_RUS.txt
    [18/01/2007 20:06|-r-------|16715] E:\TQ_EULA_SPA.txt
    [25/10/2009 11:06|--a------|23552] H:\Lapin … la moutarde.doc

    ################## | Vaccination |

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # H:\autorun.inf -> Folder created by UsbFix.

    ################## | Crack > Keygen > Serial |

    "C:\Program Files\MoviePod\MoviePod-Windows\Keygen.exe"
    02/07/2006 07:34 |Size 120320 |Crc32 830b4466 |Md5 904e5d9eaa412e14d620c90e68f3f4cb

    "D:\Documents\My Games\Crack\iw3sporiginal.exe"
    05/10/2007 11:28 |Size 4498776 |Crc32 bbf3f44a |Md5 5b2f03ee23f148d886ef34075bf4e987

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\(Pc Game) Rise Of Nations No-Cd Crack.zip"
    -> Contains : (PC GAME) Rise Of Nations NO-CD Crack.EXE

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\(Pc Game) Rise Of Nations No-Cd Crack.zip"
    -> Contains : keygen\keygen.exe

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\- Rise Of Nations - Keygen With No Cd Crack.zip"
    -> Contains : (PC GAME) Rise Of Nations NO-CD Crack.EXE

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\Command & Conquer Generals Nocd-Crack.zip"
    -> Contains : generals.exe 118784 DFLT-X 53% 55723 05-02-2003 14:26:34 acb2b036

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\Command & Conquer Generals Nocd-Crack.zip"
    -> Contains : patch\keygen.exe

    "C:\Program Files\EA Games\Command and Conquer Generals\Krack\Command & Conquer Generals Nocd-Crack.zip"
    -> Contains : generals.exe 118784 DFLT-X 53% 55723 05-02-2003 14:26:34 acb2b036

    "C:\Program Files\EA Games\Command and Conquer Generals\Krack\Command & Conquer Generals Nocd-Crack.zip"
    -> Contains : patch\patch.exe

    "D:\Documents\My eBooks\Incoming\Command Conquer Renegade Unknown (Serial).zip"
    -> Contains : key_gen.exe 858624 DFLT-N 3% 836901 09-01-2005 03:02:00 40b76d70

    "D:\Documents\My Games\Counter Strike (Cs) Source 2006 Crack Keygen.zip"
    -> Contains : crack.exe 65536 DFLT-N 47% 34449 24-12-2009 17:56:20 bd98f140

    "D:\Documents\My Games\Medal Of Honor Airborne Serial Keygen.zip"
    -> Contains : setup.exe 864256 DFLT-N 6% 816447 09-04-2006 03:09:00 fbef1d0d

    "D:\Documents\My Games\Crack\(Pc Game) Rise Of Nations No-Cd Crack.zip"
    -> Contains : (PC GAME) Rise Of Nations NO-CD Crack.EXE

    "D:\Documents\My Games\Crack\- Rise Of Nations - Keygen With No Cd Crack.zip"
    -> Contains : (PC GAME) Rise Of Nations NO-CD Crack.EXE

    "D:\Documents\My Games\Crack\Command & Conquer Generals Nocd-Crack.zip"
    -> Contains : generals.exe 118784 DFLT-X 53% 55723 05-02-2003 14:26:34 acb2b036

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\Command & Conquer Generals Zero Hour - Nocd Crack.rar"
    -> contains : generals.exe

    "C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Desktop\Crack\Command & Conquer Generals Zero Hour - Nocd Crack.rar"
    -> contains : WorldBuilder.exe

    "C:\Program Files\EA Games\Command & Conquer Generals - Heure H\Krack\Command & Conquer Generals Zero Hour - Nocd Crack.rar"
    -> contains : generals.exe

    "C:\Program Files\EA Games\Command & Conquer Generals - Heure H\Krack\Command & Conquer Generals Zero Hour - Nocd Crack.rar"
    -> contains : WorldBuilder.exe

    "D:\Documents\My Games\Crack\Command & Conquer Generals Zero Hour - Nocd Crack.rar"
    -> contains : generals.exe

    "D:\Documents\My Games\Crack\Command & Conquer Generals Zero Hour - Nocd Crack.rar"
    -> contains : WorldBuilder.exe

    ################## | ! End of report # UsbFix V6.071 ! | ```
    0
  11. Anonymous user
     
    run RSIT again and post its report
    note: you will only have one report (log.txt)

    thank you
    0
  12. lenormand49 Posted messages 115 Status Member 8
     
    Logfile de l'outil d'information système de random 1.06 (écrit par random/random)
    Exécuté par Admin le 2010-01-07 20:27:12
    Microsoft Windows XP Professionnel Service Pack 3
    Le lecteur système C: a 25 Go (25%) libres sur 100 Go
    RAM totale : 2046 Mo (75% libre)

    Logfile de Trend Micro HijackThis v2.0.2
    Analyse enregistrée à 20:27:31, le 07/01/2010
    Plateforme : Windows XP SP3 (WinNT 5.01.2600)
    MSIE : Internet Explorer v8.00 (8.00.6001.18702)
    Mode de démarrage : Normal

    Processus en cours d'exécution :
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\ups.exe
    C:\Program Files\Commander Pro\UPServ.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Commander Pro\UPS.EXE
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Bureau\RSIT.exe
    C:\Program Files\trend micro\Admin.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\System\rsvp.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [UPSMS] C:\Program Files\Commander Pro\UPSMS.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\logman.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\rsvp.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\comrepl.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\WINDOWS\dllhst3g.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\ADMIN~1.XPS\APPLIC~1\spoolsv.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ADMIN~1.XPS\APPLIC~1\MICROS~1\cmstp.exe /waitservice
    O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\esentutl.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\cmstp.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\mstinit.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\WINDOWS\logman.exe /waitservice
    O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe /waitservice
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (Utilisateur 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (Utilisateur 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (Utilisateur 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (Utilisateur 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (Utilisateur 'SYSTEME')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice (Utilisateur 'SYSTEME')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (Utilisateur 'Utilisateur par défaut')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\cisvc.exe /waitservice (Utilisateur 'Utilisateur par défaut')
    O4 - Démarrage : GM_DevUpdate.lnk = C:\Program Files\HAMA Joystick Outlandish\GM_DevUpdate.exe
    O4 - Démarrage global : WiFi Station pour Livebox.lnk = ?
    O4 - Démarrage global : Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Élément de menu contextuel supplémentaire : E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Bouton supplémentaire : Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Bouton supplémentaire : (sans nom) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Élément de menu 'Outils' supplémentaire : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Bouton supplémentaire : Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Élément de menu 'Outils' supplémentaire : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocole : skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service : ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service : Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service : Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service : BlueSoleil Hid Service - Propriétaire inconnu - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service : Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service : InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service : Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service : Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service : LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service : Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service : LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service : NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service : Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service : PnkBstrA - Propriétaire inconnu - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service : PnkBstrB - Propriétaire inconnu - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service : Service Cyberlink RichVideo(CRVS) (RichVideo) - Propriétaire inconnu - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service : StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service : UPSmanager - Macrovision - C:\PROGRA~1\COMMAN~1\manager.exe
    O23 - Service : UPSmart - Propriétaire inconnu - C:\Program Files\Commander Pro\UPServ.exe
    O23 - Service : UPSmonitor - Macrovision - C:\PROGRA~1\COMMAN~1\monitor.exe
    O23 - Service : UPSRMI - Macrovision - C:\PROGRA~1\COMMAN~1\wpRMI.exe

    --
    Fin du fichier - 11698 octets

    ======Dossier des tâches planifiées======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Dump de registre======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"=C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
    "Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-14 143872]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-05-05 14396416]
    "RemoteControl"=C:\WINDOWS\system32\rmctrl.exe [2000-10-16 32768]
    "pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe [2010-01-07 823361]
    "Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [2001-06-19 200704]
    "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
    "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
    "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
    "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]
    "EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-10-04 35328]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe []
    "Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-09-15 37888]
    "AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
    "ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-10-11 31232]
    "UPSMS"=C:\Program Files\Commander Pro\UPSMS.exe [2009-06-28 114688]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
    "CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
    "IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [2007-11-19 128352]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "Logman"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\logman.exe [2009-12-20 95232]
    "rsvp"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\rsvp.exe [2009-12-20 95232]
    "ComRepl"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\Temp\comrepl.exe [2009-12-20 95232]
    "DllHst"=C:\WINDOWS\dllhst3g.exe [2009-12-20 95232]
    "Spool"=C:\DOCUME~1\ADMIN~1.XPS\A [2007-10-01 14582]
    "Cisvc"=C:\WINDOWS\cisvc.exe [2009-12-20 95232]
    "CmSTP"=C:\DOCUME~1\ADMIN~1.XPS\A [2007-10-01 14582]
    "Esent Utl"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\esentutl.exe [2009-12-20 95232]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "NCLaunch"=C:\WINDOWS\NCLAUNCH.EXe [2007-03-19 40960]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe []
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "CmSTP"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\cmstp.exe [2009-12-20 95232]
    "Mstsc"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe [2009-12-20 95232]
    "MstInit"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\mstinit.exe [2009-12-20 95232]
    "Cisvc"=C:\WINDOWS\cisvc.exe [2009-12-20 95232]
    "Logman"=C:\WINDOWS\logman.exe [2009-12-20 95232]
    "ComRepl"=C:\DOCUME~1\ADMIN~1.XPS\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe [2009-12-20 95232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-04-14 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2004-07-09 1249280]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

    C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage
    WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\Admin.XPSP2-0ECD3B1B5\Menu Démarrer\Programmes\Démarrage
    GM_DevUpdate.lnk - C:\Program Files\HAMA Joystick Outlandish\GM_DevUpdate.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispScrSavPage"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableLUA"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=128
    "NoSMHelp"=1
    "MemCheckBoxInRunDlg"=1
    "NoSMBalloonTip"=1
    "NoDesktopCleanupWizard"=1
    "NoWelcomeScreen"=1
    "NoAutoUpdate"=1
    "NoBandCustomize"=1
    "NoDriveAutoRun"=128
    "HonorAutoRunSetting"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Westwood\SUN\GAME.ICD"="C:\Program Files\Westwood\SUN\GAME.ICD:*:Enabled:Main executable for Tiberian Sun"
    "C:\Program Files\Westwood\SUN\Game.exe"="C:\Program Files\Westwood\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun"
    "C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber"
    "C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe"="C:\Program Files\ScanSoft\OmniPageSE\EregFre\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\Program Files\Valve\Half Life 2\hl2.exe"="C:\Program Files\Valve\Half Life 2\hl2.exe:*:Enabled:hl2"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Half-Life\hl.exe"="C:\Program Files\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\Program Files\Half-Life\hlupdate.exe"="C:\Program Files\Half-Life\hlupdate.exe:*:Enabled:hlupdate.exe"
    "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
    "C:\Program Files\EA Games\Command and Conquer Generals\game.dat"="C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe"="C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:*:Enabled:Rise Of Legends"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Diablo II\Diablo II.exe"="C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule iONiX Mod"
    "C:\Program Files\EA Games\Command & Conquer Generals - Heure H\game.dat"="C:\Program Files\EA Games\Command & Conquer Generals - Heure H\game.dat:*:Enabled:game"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Audio Windows Media(TM) (wma)"
    "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\WINDOWS\Temp\occ.exe"="C:\WINDOWS\Temp\occ.exe:*:Enabled:OneCC Module"
    "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
    "C:\Program Files\Microsoft Games\Rise of Nations\nations.exe"="C:\Program Files\Microsoft Games\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe"="C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations"
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
    "C:\Program Files\Activision\Call of Duty
    0
  13. lenormand49 Posted messages 115 Status Member 8
     
    ComboFix 10-01-04.01 - Admin 07/01/2010 21:38:38.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.33.1036.18.2046.1567 [GMT 1:00]
    Run from: c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Desktop\Bibitte.exe
    AV: Trend Micro PC-cillin Internet Security 12 *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Trend Micro PC-cillin Internet Security 12 *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\Microsoft\cmstp.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\mstinit.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\mstsc.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\spoolsv.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\cmstp.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\esentutl.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\logman.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\Microsoft\comrepl.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\Microsoft\logman.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\Microsoft\mstinit.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\Microsoft\mstsc.exe
    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\rsvp.exe
    c:\windows\CISVC.exe
    c:\windows\dllhst3g.exe
    c:\windows\ieudinit.exe
    c:\windows\logman.exe
    c:\windows\system\cisvc.exe
    c:\windows\system\dllhst3g.exe
    c:\windows\system\rsvp.exe
    c:\windows\system32\drivers\mstinit.exe
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\tmp.reg
    c:\windows\system32\win.ini
    c:\windows\unins000.dat
    c:\windows\unins000.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_sysrest.sys

    ((((((((((((((((((((((((((((( Files created from 2009-12-07 to 2010-01-07 ))))))))))))))))))))))))))))))))))))
    .

    2010-01-07 18:18 . 2010-01-07 18:39 -------- d-----w- C:\UsbFix
    2010-01-07 17:42 . 2010-01-07 18:10 -------- d-----w- C:\FindyKill
    2010-01-07 17:38 . 2010-01-07 17:38 -------- d-----w- C:\HJ
    2010-01-07 17:11 . 2010-01-07 17:11 -------- d-----w- C:\HJT
    2010-01-07 16:45 . 2010-01-07 19:26 -------- d-----w- C:\rsit
    2010-01-02 15:53 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
    2010-01-02 15:53 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
    2010-01-02 15:53 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2010-01-02 15:53 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-01-02 15:53 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
    2010-01-02 15:53 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
    2010-01-02 15:53 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
    2009-12-18 23:31 . 2010-01-02 16:30 -------- d-----w- c:\program files\Activision
    2009-12-16 18:07 . 2010-01-02 15:27 -------- d-----w- c:\program files\Soldier of Fortune II - SP Demo
    2009-12-15 23:07 . 2009-12-15 23:07 -------- d-----w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\PunkBuster
    2009-12-13 15:53 . 2009-12-13 15:53 -------- d-----w- c:\windows\Logs
    2009-12-11 23:56 . 2009-12-11 23:56 -------- d-----w- c:\windows\system32\AGEIA
    2009-12-11 23:56 . 2009-12-11 23:56 -------- d-----w- c:\program files\AGEIA Technologies
    2009-12-11 19:45 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-07 20:48 . 2005-12-08 19:03 -------- d-----w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\Skype
    2010-01-07 20:42 . 2007-05-04 17:42 12 ----a-w- c:\windows\bthservsdp.dat
    2010-01-07 19:27 . 2005-12-08 14:43 -------- d-----w- c:\program files\Trend Micro
    2010-01-07 18:09 . 2001-10-02 18:17 536002 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-07 18:09 . 2001-10-02 18:17 94526 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-06 21:28 . 2008-07-19 20:58 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
    2010-01-06 21:14 . 2005-12-08 12:32 -------- d-----w- c:\program files\microsoft frontpage
    2010-01-06 21:14 . 2006-03-25 09:16 -------- d-----w- c:\program files\FileZilla
    2010-01-06 21:13 . 2005-12-11 19:53 -------- d-----w- c:\program files\eMule
    2010-01-06 21:10 . 2006-07-07 11:26 -------- d-----w- c:\program files\BitTorrent
    2010-01-06 18:37 . 2006-02-22 17:38 -------- d-----w- c:\program files\Commander Pro
    2010-01-04 18:01 . 2009-04-14 20:43 -------- d-----w- c:\program files\SpywareBlaster
    2010-01-02 22:06 . 2008-01-08 18:12 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-01-02 22:06 . 2008-01-08 18:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-01-02 22:06 . 2008-01-08 18:12 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-01-02 16:20 . 2005-12-09 15:50 46160 ----a-w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-02 15:50 . 2005-12-08 13:44 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-21 18:29 . 2005-12-08 17:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-12-21 12:32 . 2007-05-08 09:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems
    2009-12-21 12:31 . 2006-01-12 19:02 -------- d-----w- c:\program files\Common Files\Real
    2009-12-21 12:30 . 2005-12-08 19:54 -------- d-----w- c:\program files\CyberLink
    2009-12-21 12:30 . 2008-11-30 23:17 -------- d-----w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\Panasonic
    2009-12-18 23:42 . 2008-01-08 18:12 22328 ----a-w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\PnkBstrK.sys
    2009-12-18 23:42 . 2008-01-08 18:12 22328 ----a-w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\PnkBstrK.sys
    2009-12-15 22:19 . 2005-12-09 17:05 -------- d-----w- c:\program files\Canon
    2009-12-11 23:55 . 2006-10-22 16:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-12-07 21:06 . 2009-12-07 21:06 -------- d-----w- c:\program files\Fox
    2009-12-07 13:37 . 2009-12-07 13:37 -------- d-----w- c:\program files\Hercules
    2009-11-30 10:35 . 2009-11-30 10:34 -------- d-----w- c:\program files\iTunes
    2009-11-30 10:34 . 2009-11-30 10:34 -------- d-----w- c:\program files\iPod
    2009-11-30 10:34 . 2007-08-05 19:00 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-30 10:30 . 2006-06-15 17:35 -------- d-----w- c:\program files\QuickTime
    2009-11-30 10:20 . 2009-11-30 10:20 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-28 10:02 . 2006-08-08 05:53 -------- d-----w- c:\program files\Google
    2009-11-28 10:00 . 2009-11-25 19:07 -------- d-----w- c:\program files\MyDSC2
    2009-11-25 20:54 . 2008-04-13 10:31 -------- d-----w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\ArcSoft
    2009-11-25 19:37 . 2008-11-30 23:18 -------- d-----w- c:\program files\ArcSoft
    2009-11-21 15:58 . 2004-08-19 16:09 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-21 01:35 . 2005-12-08 20:02 -------- d-----w- c:\program files\DivX
    2009-11-21 01:35 . 2009-11-21 01:34 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-13 19:42 . 2005-12-08 17:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-04 06:59 . 2009-11-04 06:59 152576 ----a-w- c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-10-29 07:42 . 2005-10-12 10:25 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-24 09:26 . 2009-10-24 09:26 0 ----a-w- c:\windows\PowerReg.dat
    2009-10-21 05:39 . 2004-08-19 16:09 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:39 . 2004-08-19 16:09 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2005-07-26 15:01 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:33 . 2004-08-19 16:09 271360 ------w- c:\windows\system32\oakley.dll
    2009-10-12 13:39 . 2004-08-19 16:09 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:39 . 2004-08-19 16:09 150528 ----a-w- c:\windows\system32\rastls.dll
    2009-10-11 03:17 . 2008-11-22 10:18 411368 ----a-w- c:\windows\system32\deploytk.dll
    2008-03-03 17:47 . 2005-12-08 20:02 56 --sh--r- c:\windows\system32\7924C48F39.sys
    2008-03-03 17:47 . 2005-12-08 20:02 10020 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Registry load points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty items & legitimate initial items are not listed
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-03-19 40960]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-05 14396416]
    "RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
    "pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2010-01-07 823361]
    "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-19 200704]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-10-04 35328]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-09-15 37888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
    "UPSMS"="c:\program files\Commander Pro\UPSMS.exe" [2009-06-28 114688]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "nwiz"="nwiz.exe" [2009-06-10 1657376]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="move" [X]
    "Config"="c:\windows\system32\run.cmd" [2005-08-23 341]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

    c:\documents and settings\Admin.XPSP2-0ECD3B1B5\Start Menu\Programs\Startup\
    GM_DevUpdate.lnk - c:\program files\HAMA Joystick Outlandish\GM_DevUpdate.exe [2009-10-27 45056]

    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    WiFi Station for Livebox.lnk - c:\program files\Hercules\WiFi Station for Livebox\WifiStationLB.exe [2009-12-7 721408]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)
    "NoBandCustomize"= 1 (0x1)
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    "NoWelcomeScreen"= 1 (0x1)
    "NoAutoUpdate"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
    2004-04-14 10:54 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
    2004-07-09 14:07 1249280 ----a-w- c:\program files\D-Link\AirPlus G\AirGCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-01-26 14:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Westwood\\SUN\\GAME.ICD"=
    "c:\\Program Files\\Westwood\\SUN\\Game.exe"=
    "c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
    "c:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Diablo II\\Diablo II.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\EA Games\\Command & Conquer Generals - Heure H\\game.dat"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
    "c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
    "c:\\Program Files\\THQ\\Titan Quest Immortal Throne\\Tqit.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
    "c:\\Program Files\\Electronic Arts\\Command & Conquer(tm) 3 La Fureur de Kane\\RetailExe\\1.0\\cnc3ep1.dat"=
    "c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
    "c:\\Program Files\\Commander Pro\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Codemasters\\Heroes of the Pacific\\Heroes.exe"=
    "c:\\Program Files\\NovaLogic\\Comanche 4\\Update.exe"=
    "c:\\Program Files\\NovaLogic\\Comanche 4\\c4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7561:TCP"= 7561:TCP:E mule
    "7571:UDP"= 7571:UDP:E mule
    "6112:TCP"= 6112:TCP:Diablo
    "4000:TCP"= 4000:TCP:diablo
    "25:TCP"= 25:TCP:Outlook Office

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)

    R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [08/12/2005 18:02 159616]
    R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [08/12/2005 18:02 5248]
    R0 VirtualK;VirtaulK;c:\windows\system32\drivers\VirtualK.sys [27/10/2009 20:45 3968]
    R2 UPSmart;UPSmart;c:\program files\Commander Pro\UPServ.exe UPSmart --> c:\program files\Commander Pro\UPServ.exe UPSmart [?]
    R3 GMFilter;GMFilter HID Filter Driver;c:\windows\system32\drivers\GMFilter.sys [27/10/2009 20:44 21760]
    R3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [19/02/2008 08:00 88704]
    R3 skbusenum;SKBus Enumerator;c:\windows\system32\drivers\SKBusEnum.sys [27/10/2009 20:45 10880]
    R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [13/04/2008 11:21 483328]
    R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [13/04/2008 11:21 7680]
    S2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys --> c:\windows\system32\drivers\TmXPFlt.sys [?]
    S2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys --> c:\windows\system32\drivers\Tmpreflt.sys [?]
    S2 UPSmonitor;UPSmonitor;c:\progra~1\COMMAN~1\monitor.exe -zglaxservice UPSmonitor --> c:\progra~1\COMMAN~1\monitor.exe -zglaxservice UPSmonitor [?]
    S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [11/12/2005 21:40 32000]
    S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [11/12/2005 22:12 28057]
    S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [11/12/2005 21:45 21081]
    S3 SNPP202;PC Camera (6028 VGA);c:\windows\system32\drivers\snpp202.sys [09/12/2005 17:36 235136]
    S3 UPSmanager;UPSmanager;c:\progra~1\COMMAN~1\manager.exe -zglaxservice UPSmanager --> c:\progra~1\COMMAN~1\manager.exe -zglaxservice UPSmanager [?]
    S3 UPSRMI;UPSRMI;c:\progra~1\COMMAN~1\wpRMI.exe -zglaxservice UPSRMI --> c:\progra~1\COMMAN~1\wpRMI.exe -zglaxservice UPSRMI [?]
    S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [27/10/2004 11:13 282696]
    S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [15/09/2004 10:03 585789]
    S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [15/09/2004 10:04 188484]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of 'Scheduled Tasks' folder

    2010-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
    .
    .
    ------- Additional scan -------
    .
    uInternet Settings,ProxyOverride = localhost;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF
    0
  14. lenormand49 Posted messages 115 Status Member 8
     
    However, I can't manage to restart my antivirus. I keep getting the error message; it starts, but there's no way to reactivate it.
    0
  15. lenormand49 Posted messages 115 Status Member 8
     
    Okay, I'll let it run overnight.
    I'll post the report first thing tomorrow morning,
    and I'll resume the conversation tomorrow evening around 5:45 PM.
    Thank you for your help and the time you dedicated to my issue.
    See you tomorrow, and good night, everyone.
    0
  16. lenormand49 Posted messages 115 Status Member 8
     
    Malwarebytes' Anti-Malware 1.43
    Database version: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    01/08/2010 06:27:37
    mbam-log-2010-01-08 (06-27-22).txt

    Scan type: Full scan (C:\|D:\|H:\|)
    Items scanned: 285903
    Elapsed time: 53 minute(s), 23 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected Registry key(s): 0
    Infected Registry value(s): 2
    Infected Registry data item(s): 1
    Infected folder(s): 0
    Infected file(s): 1

    Infected memory process(es):
    (No malicious items detected)

    Infected memory module(s):
    (No malicious items detected)

    Infected Registry key(s):
    (No malicious items detected)

    Infected Registry value(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upsms (Worm.P2P) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcl90j0ejcr (Rogue.AntiVirusXP) -> No action taken.

    Infected Registry data item(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> No action taken.

    Infected folder(s):
    (No malicious items detected)

    Infected file(s):
    C:\System Volume Information\_restore{3D64EAA2-C25B-4ABD-AA55-F123DEE84BD0}\RP1\A0000082.sys (Malware.Trace) -> No action taken.

    See you tonight.
    0
  17. Anonymous user
     
    Hello,

    -> No action taken.
    You forgot to delete them :-)

    • If malware has been detected, click on Show Results.
    • Select all (or leave checked) and click on Remove Selection. Malwarebytes will delete the files and registry keys and put a copy in quarantine.
    • Malwarebytes will open Notepad and copy the scan report there.
    • Go to the report/log tab.
    • Click on it to display it; once displayed, click on Edit at the top of Notepad, then on Select All.
    • Click on Edit again and then on Copy, and return to the forum and your reply.
    • Right-click in the reply box and paste.
    • At the end of the scan, MBAM may need to restart the PC to finalize the deletion, so don't panic, restart your PC!!!

    If you need help, check out this tutorial:
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0