PC full of viruses
Solved
marjorie2604
Hello,
As protection I use Avira Antivirus, and as soon as I turn on my PC it tells me that I have viruses. I put them in quarantine but it doesn't change anything; I still have viruses. I don't know what to do. Thank you for your help.
Configuration: Windows Vista Firefox 3.0.17
19 replies
Hello Marjorie,
• Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
• Double-click on RSIT.exe to launch the program.
• Click on Continue at the Disclaimer screen.
• If the updated version of HijackThis is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will need to accept the license.
• Once the scan is complete, two text files will open. Post the contents of log.txt (the one that appears on the screen) as well as info.txt (which you will see in the taskbar).
Note: Reports are saved in the folder C:\rsit.
Re Marjorie,
Indeed, you have several infections. We'll start with the Renos infection.
• Download UsbFix to your Desktop:
(!) Connect your external data sources to your PC (USB stick, external hard drive, etc...) that may have been infected without opening them.
• Double click on UsbFix.exe present on your desktop.
• In the main menu, choose option "F" for French and press [Enter].
• In the second menu, choose option "2" (Removal) and press [Enter].
• Your desktop will disappear and the PC will restart.
• Upon restarting, UsbFix will scan your PC; allow the tool to work.
• Then post the UsbFix.txt report that will appear with the desktop.
• Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus software (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could disable security software (Antivirus, Firewall...) which is why these antivirus programs issue an alert.
• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
############################## | UsbFix V6.080 |
User : doudou (Administrators) # PC-DE-DOUDOU
Update on 27/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:37:10 | 27/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon(tm) X2 Dual-Core QL-64
Microsoft® Windows Vista™ Home Premium Edition (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled
C:\ -> Local fixed disk # 138.49 GB (37.46 GB free) # NTFS
D:\ -> Local fixed disk # 10.55 GB (1.78 GB free) [RECOVERY] # NTFS
E:\ -> CD-ROM drive
F:\ -> Local fixed disk # 465.65 GB (330.67 GB free) [DATA] # FAT32
############################## | Active Processes |
C:\Windows\System32\smss.exe 432
C:\Windows\system32\csrss.exe 504
C:\Windows\system32\wininit.exe 564
C:\Windows\system32\csrss.exe 572
C:\Windows\system32\services.exe 612
C:\Windows\system32\lsass.exe 628
C:\Windows\system32\lsm.exe 636
C:\Windows\system32\winlogon.exe 676
C:\Windows\system32\svchost.exe 828
C:\Windows\system32\svchost.exe 896
C:\Windows\System32\svchost.exe 940
C:\Windows\system32\Ati2evxx.exe 992
C:\Windows\System32\svchost.exe 1020
C:\Windows\System32\svchost.exe 1176
C:\Windows\system32\svchost.exe 1196
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe 1220
C:\Windows\system32\SLsvc.exe 1384
C:\Windows\system32\Ati2evxx.exe 1432
C:\Windows\system32\svchost.exe 1448
C:\Windows\system32\Hpservice.exe 1596
C:\Windows\system32\Dwm.exe 1720
C:\Windows\system32\svchost.exe 1804
C:\Windows\Explorer.EXE 1904
C:\Windows\system32\runonce.exe 1964
C:\Windows\system32\WLANExt.exe 1972
C:\Windows\System32\spoolsv.exe 2028
C:\Windows\system32\taskeng.exe 2036
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 444
C:\Users\doudou\AppData\Local\Temp\Hxr.exe 464
C:\Windows\system32\conime.exe 576
C:\Windows\system32\svchost.exe 820
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe 1668
C:\Windows\system32\taskeng.exe 1592
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 1004
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2120
C:\Program Files\Bonjour\mDNSResponder.exe 2168
C:\Windows\system32\svchost.exe 2188
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2244
C:\Windows\system32\lxdxcoms.exe 2268
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 2344
C:\Windows\system32\svchost.exe 2400
C:\Program Files\SMINST\BLService.exe 2420
C:\Program Files\CyberLink\Shared files\RichVideo.exe 2540
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2552
C:\Windows\system32\svchost.exe 2612
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 2684
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe 2720
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe 2736
C:\Windows\System32\svchost.exe 2760
C:\Windows\system32\SearchIndexer.exe 2796
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 2944
C:\Windows\system32\wbem\wmiprvse.exe 3676
################## | Infectious Elements |
Deleted! C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Deleted! C:\Users\doudou\AppData\Local\Temp\Hxp.exe
Deleted! C:\Users\doudou\AppData\Local\Temp\Hxq.exe
Deleted! C:\Users\doudou\AppData\Local\Temp\Hxr.exe
Deleted! C:\Users\doudou\AppData\Local\Temp\a.dat
Deleted! C:\$Recycle.Bin\S-1-5-18
Deleted! C:\$Recycle.Bin\S-1-5-21-1106465231-353655327-60150735-500
Deleted! C:\$Recycle.Bin\S-1-5-21-617543292-1238902445-2930710245-1000
Deleted! C:\$Recycle.Bin\S-1-5-21-617543292-1238902445-2930710245-500
Deleted! D:\$Recycle.Bin\S-1-5-18
Deleted! D:\$Recycle.Bin\S-1-5-21-617543292-1238902445-2930710245-1000
Deleted! D:\$Recycle.Bin\S-1-5-21-617543292-1238902445-2930710245-500
################## | Registry |
Deleted! [HKCU\SOFTWARE\BMIMZMHMFM]
Deleted! [HKCU\SOFTWARE\Microsoft\Handle]
Deleted! [HKCU\SOFTWARE\WS9E3IQBKY]
Deleted! [HKCU\SOFTWARE\XML]
Deleted! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BMIMZMHMFM"
Deleted! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LosAlamos"
Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
Deleted! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoClose"
################## | Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\{26f6fe00-f16c-11de-88b7-00238b53fa22}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{4936e25d-e726-11de-806b-00238b53fa22}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{8d6e00f9-ea15-11dd-9d90-00238b53fa22}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{b52f6ccf-e469-11de-849b-00238b53fa22}\Shell\AutoRun\Command
################## | Listing of existing files |
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[21/01/2008 03:24|-rahs----|333203] C:\bootmgr
[18/09/2006 22:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[?|?|?] C:\pagefile.sys
[30/11/2009 17:53|--a------|507] C:\TCleaner.txt
[27/01/2010 19:48|--a------|5377] C:\UsbFix.txt
[11/01/2009 00:38|---hs----|13] D:\BLOCK.RIN
[04/10/2006 00:02|---hs----|438328] D:\bootmgr
[12/09/2008 19:00|---hs----|1199] D:\Desktop.ini
[10/09/2002 17:14|---hs----|8134] D:\Folder.htt
[18/01/2009 16:13|--ahs----|22] D:\HPCD.sys
[27/01/2010 19:36|--ahs----|282] D:\MASTER.LOG
[12/09/2008 18:17|---hs----|381873] D:\protect.arabic
[15/09/2008 16:57|---hs----|182624] D:\protect.bulgarian
[16/09/2002 15:37|---hs----|181898] D:\protect.chinese hong kong
[16/09/2002 15:37|---hs----|181916] D:\protect.chinese simplified
[16/09/2002 15:37|---hs----|181898] D:\protect.chinese traditional
[27/04/2006 17:19|---hs----|181865] D:\protect.czech
[03/11/2005 16:21|---hs----|181726] D:\protect.danish
[10/09/2002 14:56|---hs----|181605] D:\protect.dutch
[10/09/2002 14:50|---hs----|181651] D:\protect.ed
[22/11/2004 16:28|---hs----|181648] D:\protect.english
[03/11/2005 16:20|---hs----|181673] D:\protect.finnish
[03/11/2005 16:19|---hs----|181736] D:\protect.french
[03/11/2005 16:18|---hs----|181669] D:\protect.german
[23/11/2005 16:56|---hs----|182689] D:\protect.greek
[23/01/2006 10:18|---hs----|182605] D:\protect.hebrew
[28/08/2007 15:58|---hs----|181696] D:\protect.hungarian
[03/11/2005 16:17|---hs----|181554] D:\protect.italian
[19/06/2007 16:22|---hs----|182351] D:\protect.japanese
[24/11/2005 12:24|---hs----|218295] D:\protect.korean
[03/11/2005 16:15|---hs----|181578] D:\protect.norwegian
[25/04/2006 15:44|---hs----|181789] D:\protect.polish
[03/11/2005 16:13|---hs----|181624] D:\protect.portuguese
[27/10/2005 20:24|---hs----|181882] D:\protect.portuguese brazilian
[15/09/2008 16:57|---hs----|181735] D:\protect.romanian
[28/06/2004 09:52|--a------|211936] D:\protect.russian
[04/07/2007 12:46|---hs----|181954] D:\protect.slovak
[03/11/2005 16:11|---hs----|181586] D:\protect.spanish
[10/09/2002 15:15|---hs----|181602] D:\protect.swedish
[12/08/2003 11:37|---hs----|181783] D:\protect.turkish
[18/01/2009 14:45|-r-hs----|26] D:\RCBoot.sys
[18/01/2005 18:05|--a------|2144811] F:\Riddla - 05 - Parce Qu'on Vient De Loin.mp3
[20/12/2005 00:35|--a------|5670144] F:\Nina Sky & NORE - Oye Mi Canto.mp3
[20/12/2005 00:33|--a------|6960401] F:\Royal Gigolos - California dreaming.mp3
[30/12/2006 19:31|--a------|514510966] F:\rv.nrg
[21/05/2007 15:14|--a------|1849] F:\12.nri
[24/08/2006 19:32|--a------|11385] F:\msn.rtf
[04/09/2007 15:28|--a------|585] F:\My shared folders.lnk
[08/07/2006 12:46|--a------|37896236] F:\ Sean Paul - Get Busy.wav
[26/03/2006 17:04|--a------|4407623] F:\ Whitney Houston & Mariah Carey - When You Believe.mp3
[08/07/2006 12:46|--a------|48704052] F:\ Whitney Houston & Mariah Carey - When You Believe.wav
[26/03/2006 17:31|--a------|3657856] F:\(Laam) Petite soeur.mp3
[08/07/2006 12:46|--a------|40322100] F:\(Laam) Petite soeur.wav
[20/08/2006 18:58|--a------|3734758] F:\01 01 Track 1.wma
[20/08/2006 18:58|--a------|2951574] F:\01 All About Us.wma
[01/09/2006 18:34|--a------|3764496] F:\01 draw null.wma
[20/08/2006 18:58|--a------|3841998] F:\01 Rich Girl [Album Version].wma
[06/05/2007 21:45|--a------|3477462] F:\01 Someone.wma
[30/12/2007 22:44|--a------|4039206] F:\01 one day of peace.wma
[10/12/2006 17:06|--a------|3148782] F:\01 Look on their path.wma
[06/12/2006 12:08|--a------|3501654] F:\02 Boo.wma
[06/12/2006 11:59|--a------|5112772] F:\02 Schnappi the little crocodile.mp3
[08/07/2006 12:46|--a------|22549044] F:\02 Schnappi the little crocodile.wav
[20/08/2006 18:58|--a------|3573078] F:\02 What You Waiting For [Five].wma
[20/08/2006 18:59|--a------|4807106] F:\2_2_Maria carey - get your number.mp3
[08/07/2006 12:46|--a------|34511412] F:\2_2_Maria carey - get your number.wav
[20/08/2006 19:05|--a------|5275409] F:\2_Kelly Clarkson - Because Of You.mp3
[08/07/2006 12:46|--a------|38736948] F:\2_Kelly Clarkson - Because Of You.wav
[27/10/2006 16:21|--a------|5821589] F:\2_Marlène Duval and Phil Barney - to have only one child from you.mp3
[08/07/2006 12:46|--a------|42757676] F:\2_Marlène Duval and Phil Barney - to have only one child from you.wav
[26/03/2006 17:01|--a------|5931601] F:\2_Reggaeton ~ Pitbull Sean Paul Lil Jon - Culo Remix.mp3
[08/07/2006 12:46|--a------|53178420] F:\2_Reggaeton ~ Pitbull Sean Paul Lil Jon - Culo Remix.wav
[01/09/2006 18:34|--a------|4764032] F:\2_Sean Paul - Temperature.mp3
[08/07/2006 12:46|--a------|38248500] F:\2_Sean Paul - Temperature.wav
[19/04/2006 00:47|--a------|3812334] F:\03 03 Track 3.wma
[20/08/2006 18:58|--a------|3131182] F:\04 04 Track 4.wma
[20/08/2006 18:59|--a------|3148998] F:\04 Hey Sexy Wow.wma
[19/04/2006 00:47|--a------|3615126] F:\05 05 Track 5.wma
[06/12/2006 12:08|--a------|3985750] F:\05 And If You Didn't Exist.wma
[20/08/2006 18:59|--a------|4523478] F:\05 a wonderful era.wma
[20/08/2006 19:05|--a------|9945088] F:\06 - Baila Morena.mp3
[08/07/2006 12:46|--a------|43838004] F:\06 - Baila Morena.wav
[06/12/2006 12:08|--a------|3310462] F:\06 The Stake (Lift the Bas).wma
[06/12/2006 11:59|--a------|6044020] F:\06 Maria isabel before dead than simple.mp3
[08/07/2006 12:46|--a------|26659380] F:\06 Maria isabel before dead than simple.wav
[19/04/2006 00:47|--a------|3782454] F:\07 07 Track 7.wma
[06/12/2006 12:08|--a------|3250682] F:\07 The Free Man.wma
[29/03/2006 18:49|--a------|3283890] F:\07 Track 7.wma
[29/03/2006 18:49|--a------|3259986] F:\08 Track 8.wma
[06/12/2006 12:08|--a------|3639132] F:\09 I Make the Oath.wma
[20/08/2006 18:59|--a------|4051556] F:\09 my life.wma
[20/08/2006 18:58|--a------|3836350] F:\10 10 Track 10.wma
[06/12/2006 12:08|--a------|3119234] F:\10 The Best As the Worst.wma
[06/12/2006 11:59|--a------|8958868] F:\11 Leslie living for tomorrow.mp3
[08/07/2006 12:46|--a------|39524916] F:\11 Leslie living for tomorrow.wav
[06/12/2006 12:08|--a------|3465818] F:\11 My Aphrodite.wma
[08/07/2006 12:46|--a------|63564852] F:\11. Nocturnal Confessions with Vitaa.wav
[06/12/2006 12:08|--a------|5294486] F:\12 Give Me Strength.wma
[29/03/2006 18:50|--a------|2518962] F:\12 Track 12.wma
[20/08/2006 18:58|--a------|3555478] F:\13 13 Track 13.wma
[06/12/2006 12:08|--a------|4248666] F:\13 Hello [-].wma
[06/12/2006 12:08|--a------|4194884] F:\14 Beauty [-].wma
[19/04/2006 00:47|--a------|4314318] F:\15 15 Track 15.wma
[20/08/2006 18:58|--a------|2844334] F:\16 16 Track 16.wma
[19/04/2006 00:47|--a------|4756542] F:\17 17 Track 17.wma
[20/08/2006 18:58|--a------|3609262] F:\18 18 Track 18.wma
[19/04/2006 00:48|--a------|3292422] F:\19 19 Track 19.wma
[20/08/2006 18:58|--a------|7003630] F:\20 20 Track 20.wma
[29/03/2006 18:51|--a------|3660378] F:\20 Track 20.wma
[29/03/2006 18:51|--a------|3355602] F:\21 Track 21.wma
[26/03/2006 09:32|--a------|3863586] F:\Akon Lonely.wma
[20/08/2006 18:59|--a------|3588642] F:\Amel bent Don't hold back your tears.wma
[22/06/2006 18:39|--a------|6403232] F:\Black Eyed Peas - Pump It.mp3
[08/07/2006 12:46|--a------|41131052] F:\Black Eyed Peas - Pump It.wav
[23/08/2006 19:54|--a------|226] F:\DEFAULT.PLS
[09/04/2006 13:23|--a------|2961222] F:\Lou Bega.wma
[30/01/2009 16:57|--a------|4290183] F:\Carla_Bruni_-_Someone_told_me.mp3
[08/07/2006 12:47|--a------|29405748] F:\Carla_Bruni_-_Someone_told_me.wav
[20/08/2006 22:34|--a------|4841539] F:\Celine Dion - Love and Friendship.mp3
[30/06/2006 13:23|--a------|3013112] F:\Choum - Mamie Girl (Barby Girl).mp3
[08/07/2006 12:47|--a------|33292844] F:\Choum - Mamie Girl (Barby Girl).wav
[30/06/2006 13:44|--a------|960436] F:\Choum Dirty song - I have the dick that sticks.mp3
[08/07/2006 12:47|--a------|2648244] F:\Choum Dirty song - I have the dick that sticks.wav
[23/08/2006 17:55|--a------|3694803] F:\Dadoo feat Vitaa-Easy girl(1).mp3
[25/03/2006 20:21|--a------|1682595] F:\Dezil The river.wma
[20/08/2006 14:08|--a------|4082251] F:\Didier Barbelivien & Felix Gray - To all girls.mp3
[20/08/2006 19:05|--a------|5729456] F:\Doc Gyneco and Jhonny Hallyday - Time passes.mp3
[08/07/2006 12:47|--a------|42358836] F:\Doc Gyneco and Jhonny Hallyday - Time passes.wav
[09/12/2005 07:22|--a------|703] F:\music samples.lnk
[26/03/2006 17:47|--a------|7242571] F:\Emmanuel Moire - My Essential- The Sun King.mp3
[08/07/2006 12:47|--a------|31940148] F:\Emmanuel Moire - My Essential- The Sun King.wav
[14/03/2006 14:28|--a------|2763258] F:\frederica felini I love you.mp3
[08/07/2006 12:47|--a------|30458924] F:\frederica felini I love you.wav
[15/06/2005 08:07|--a------|403456] F:\Get More with Jukebox Plus.mp3
[08/07/2006 12:47|--a------|2932276] F:\Get More with Jukebox Plus.wav
[01/04/2008 21:44|--a------|2832500] F:\man-woman act II.wma
[12/03/2006 13:02|--a------|5750912] F:\KAYSHA AND LYNNSHA - Mix (Kaysha And Lynsha).mp3
[08/07/2006 12:47|--a------|63398964] F:\KAYSHA AND LYNNSHA - Mix (Kaysha And Lynsha).wav
[09/04/2006 12:00|--a------|3224166] F:\the bronzed.wma
[24/08/2006 18:59|--a------|3235738] F:\Keny Arkana - a nice dream.mp3
[21/08/2006 20:54|--a------|1644674] F:\Keny Arkana-penalty.mp3
[29/08/2006 23:43|--a------|10413948] F:\Kizito - Response to the clash of Sinik and Diams.mp3
[30/06/2006 15:31|--a------|4503562] F:\The 6-9 Nrj - Breakfast (Parody Dj Diam's).mp3
[08/07/2006 12:47|--a------|28368948] F:\The 6-9 Nrj - Breakfast (Parody Dj Diam's).wav
[21/08/2006 20:52|--a------|5126277] F:\The Walls Of My City 1.mp3
[20/08/2006 18:59|--a------|3857578] F:\live is life.wma
[28/08/2006 17:36|--a------|3313726] F:\Lord Kossity- Sex in the pool.mp3
[11/03/2006 23:45|--a------|4810628] F:\Lynsha - Appointment.mp3
[08/07/2006 12:47|--a------|35357228] F:\Lynsha - Appointment.wav
[26/03/2006 17:24|--a------|4066864] F:\Mariah Carey & Jay-Z - Heartbreaker.mp3
[08/07/2006 12:47|--a------|44835884] F:\Mariah Carey & Jay-Z - Heartbreaker.wav
[08/07/2006 00:00|--a------|328] F:\My documents.lnk
[06/11/2007 22:07|--a------|5117952] F:\james deano - service_do_nothing.mp3
[06/11/2007 21:20|--a------|1219988] F:\James deano - Slave of the system.loris.mp3
[06/11/2007 21:20|--a------|4753102] F:\James Deano - have you seen yourself.mp3
[19/11/2007 22:43|--a------|2479879] F:\African Drums - Surutu Kunu - Djembe solo.mp3
[06/11/2007 21:19|--a------|2402432] F:\James Deano - My life is Koh-Lanta.mp3
[06/11/2007 21:23|--a------|3199521] F:\James Deano - Marijuana (Feat. S.KAA).mp3
[06/11/2007 21:24|--a------|6509802] F:\James Deano - Unknown Album - I love shit.mp3
[06/11/2007 21:22|--a------|5304714] F:\james_deano - alcoholics_(unpublished).mp3
[06/11/2007 21:49|--a------|3845269] F:\Leyla & Samia-let me love you(creil).mp3
[06/11/2007 21:38|--a------|4843779] F:\Samia - Be there one last time..mp3
[06/11/2007 21:51|--a------|3896838] F:\Samia - I'm Living My Dream.mp3
[06/11/2007 21:47|--a------|3313387] F:\Samia - Melancholic anonymous.mp3
[06/11/2007 22:04|--a------|3660128] F:\Samiam - Regret.mp3
[06/11/2007 21:36|--a------|2986361] F:\Samia - Dad.mp3
[06/11/2007 21:38|--a------|1770278] F:\Samia - You.mp3
[06/11/2007 21:37|--a------|4896776] F:\SAMIA Too young.mp3
[06/11/2007 21:36|--a------|3781320] F:\SAMIA_come back my sister.mp3
[06/11/2007 21:53|--a------|3428903] F:\Sig ft samia - so much harm.mp3
[19/11/2007 23:16|--a------|5763208] F:\01. Sinik - From up there.mp3
[19/11/2007 22:54|--a------|121836] F:\Sherifa Luna Album.mp3
[18/11/2007 15:50|--a------|8331079] F:\Blow Coxx - IN SEARCH OF MY NEW GIRL.mp3
[18/11/2007 15:05|--a------|5794519] F:\Britney Spears - Gimmie more(1).mp3
[19/11/2007 23:19|--a------|6022501] F:\In my club - Sinik - The roof of the world.mp3
[19/11/2007 22:40|--a------|116877] F:\The roof of the world - 04 - Sinik - In my club.mp3
[18/11/2007 15:19|--a------|3649534] F:\Monsieur R & Akhenaton - And if it was tomorrow.mp3
[18/11/2007 15:03|--a------|5061161] F:\Sherifa Luna - Somewhere (Top Quality).mp3
[19/11/2007 22:54|--a------|1901295] F:\Sherifa,Zack & StCyr - Someone like you (Pop Star).mp3
[19/11/2007 22:57|--a------|3562197] F:\Sheryfa_Luna_-_He_Had_Words-2007-BY_POP.mp3
[19/11/2007 23:19|--a------|1530883] F:\Sinik - The world is yours.mp3
[19/11/2007 23:15|--a------|4013448] F:\Sinik - The roof of the world - Too much for one man.mp3
[18/11/2007 15:20|--a------|5420038] F:\Sinik feat Kayna Samet - From up there.mp3
[19/11/2007 22:42|--a------|5839143] F:\Soprano - We Were Told.mp3
[15/09/2007 14:22|--a------|4815717] F:\Fireball - WHAT I WANT (Greatest Riddim) (Soca 2007).mp3
[14/10/2007 14:18|--a------|7211874] F:\Football anthems - Marseille supporters - Live Marseille At Vlodrome - Chants
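The report above is worth reading as a list of persistence and self-protection mechanisms rather than just "things deleted": an executable running from the user's Temp folder (Hxr.exe, PID 464), a scheduled task in C:\Windows\Tasks, two HKCU Run entries, policy values that disable Task Manager and System Restore and block Explorer's shutdown menu, and AutoRun commands in MountPoints2 (the removable-drive vector UsbFix targets). The following script is an added example, not part of the original thread and not code from the UsbFix tool: it parses a report laid out like the one above and pulls those indicators out, including the cross-check of which deleted files were still running at scan time (those are the ones to re-verify after the reboot). The embedded report is a constructed excerpt of the log in this thread; the policy value DisableRegistryTools is an assumed addition to the three seen in the log.

```python
import re

# Constructed sample: an excerpt laid out like the UsbFix.txt report in this thread
# (section banners, "path PID" process lines, "Deleted! ..." entries). Not the full log.
SAMPLE_REPORT = r"""
############################## | UsbFix V6.080 |
User : doudou (Administrators) # PC-DE-DOUDOU
############################## | Active Processes |
C:\Windows\System32\smss.exe 432
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe 444
C:\Users\doudou\AppData\Local\Temp\Hxr.exe 464
################## | Infectious Elements |
Deleted! C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Deleted! C:\Users\doudou\AppData\Local\Temp\Hxp.exe
Deleted! C:\Users\doudou\AppData\Local\Temp\Hxr.exe
Deleted! C:\$Recycle.Bin\S-1-5-18
################## | Registry |
Deleted! [HKCU\SOFTWARE\BMIMZMHMFM]
Deleted! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BMIMZMHMFM"
Deleted! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LosAlamos"
Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
Deleted! [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR"
Deleted! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoClose"
################## | Mountpoints2 |
Deleted! HKCU\...\Explorer\MountPoints2\{26f6fe00-f16c-11de-88b7-00238b53fa22}\Shell\AutoRun\Command
"""

SECTION_RE = re.compile(r"^#+ \| (.+?) \|\s*$")            # "#### | Section name |"
PROC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\S)\s+(?P<pid>\d+)$")   # "<path> <pid>"
REG_RE = re.compile(r'^\[(?P<key>[^\]]+)\](?:\s+"(?P<value>[^"]*)")?$')  # "[key] "value""
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Policy values that cripple the user's own recovery tools. The first three appear in
# the thread's log; DisableRegistryTools is a related value (assumption, not from the log).
POLICY_VALUES = {"DisableTaskMgr", "DisableSR", "NoClose", "DisableRegistryTools"}


def parse_sections(report):
    """Split the report into {section name: [non-empty lines]} using the banner lines."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def active_processes(sections):
    """Return [(image path, pid)] from the 'Active Processes' section."""
    procs = []
    for line in sections.get("Active Processes", []):
        m = PROC_RE.match(line)
        if m:
            procs.append((m.group("path"), int(m.group("pid"))))
    return procs


def deleted_entries(sections, name):
    """Return the targets of 'Deleted! ...' lines in the named section."""
    prefix = "Deleted! "
    return [l[len(prefix):] for l in sections.get(name, []) if l.startswith(prefix)]


def triage(report):
    """Extract the persistence / self-protection indicators from a UsbFix-style report."""
    sections = parse_sections(report)
    procs = active_processes(sections)
    files = deleted_entries(sections, "Infectious Elements")
    regs = deleted_entries(sections, "Registry")
    mounts = deleted_entries(sections, "Mountpoints2")

    running = {path.lower() for path, _ in procs}
    result = {
        # Executables launched from a Temp directory: almost never legitimate at boot.
        "temp_processes": [(p, pid) for p, pid in procs if TEMP_RE.search(p)],
        # Deleted files that were still running: confirm they are gone after the reboot.
        "deleted_while_running": [f for f in files if f.lower() in running],
        "scheduled_tasks": [f for f in files if f.lower().endswith(".job")],
        "run_keys": [],
        "policy_tampering": [],
        # AutoRun\Command under MountPoints2 re-launches malware when a drive is opened.
        "autorun_mountpoints": [m for m in mounts
                                if m.lower().endswith(r"\shell\autorun\command")],
    }
    for entry in regs:
        m = REG_RE.match(entry)
        if not m or m.group("value") is None:
            continue            # bare key deletions carry no value name to classify
        key, value = m.group("key"), m.group("value")
        if key.lower().endswith(r"\currentversion\run"):
            result["run_keys"].append(value)
        elif value in POLICY_VALUES:
            result["policy_tampering"].append(value)
    return result


if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(f"{category}:")
        for item in items:
            print(f"    {item}")
```

Run it against a full UsbFix.txt by reading the file into `triage()` instead of `SAMPLE_REPORT`. The most useful line of output for a follow-up is `deleted_while_running`: the tool reports the file as deleted, but a process that was alive at scan time can rewrite its own dropper, so the Temp folder and the Run keys should be checked again in the next log rather than taken as clean.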
[08/07/2006 12:47|--a------|29405748] F:\Carla_Bruni_-_Someone_told_me.wav
[20/08/2006 22:34|--a------|4841539] F:\Celine Dion - Love and Friendship.mp3
[30/06/2006 13:23|--a------|3013112] F:\Choum - Mamie Girl (Barby Girl).mp3
[08/07/2006 12:47|--a------|33292844] F:\Choum - Mamie Girl (Barby Girl).wav
[30/06/2006 13:44|--a------|960436] F:\Choum Dirty song - I have the dick that sticks.mp3
[08/07/2006 12:47|--a------|2648244] F:\Choum Dirty song - I have the dick that sticks.wav
[23/08/2006 17:55|--a------|3694803] F:\Dadoo feat Vitaa-Easy girl(1).mp3
[25/03/2006 20:21|--a------|1682595] F:\Dezil The river.wma
[20/08/2006 14:08|--a------|4082251] F:\Didier Barbelivien & Felix Gray - To all girls.mp3
[20/08/2006 19:05|--a------|5729456] F:\Doc Gyneco and Jhonny Hallyday - Time passes.mp3
[08/07/2006 12:47|--a------|42358836] F:\Doc Gyneco and Jhonny Hallyday - Time passes.wav
[09/12/2005 07:22|--a------|703] F:\music samples.lnk
[26/03/2006 17:47|--a------|7242571] F:\Emmanuel Moire - My Essential- The Sun King.mp3
[08/07/2006 12:47|--a------|31940148] F:\Emmanuel Moire - My Essential- The Sun King.wav
[14/03/2006 14:28|--a------|2763258] F:\frederica felini I love you.mp3
[08/07/2006 12:47|--a------|30458924] F:\frederica felini I love you.wav
[15/06/2005 08:07|--a------|403456] F:\Get More with Jukebox Plus.mp3
[08/07/2006 12:47|--a------|2932276] F:\Get More with Jukebox Plus.wav
[01/04/2008 21:44|--a------|2832500] F:\man-woman act II.wma
[12/03/2006 13:02|--a------|5750912] F:\KAYSHA AND LYNNSHA - Mix (Kaysha And Lynsha).mp3
[08/07/2006 12:47|--a------|63398964] F:\KAYSHA AND LYNNSHA - Mix (Kaysha And Lynsha).wav
[09/04/2006 12:00|--a------|3224166] F:\the bronzed.wma
[24/08/2006 18:59|--a------|3235738] F:\Keny Arkana - a nice dream.mp3
[21/08/2006 20:54|--a------|1644674] F:\Keny Arkana-penalty.mp3
[29/08/2006 23:43|--a------|10413948] F:\Kizito - Response to the clash of Sinik and Diams.mp3
[30/06/2006 15:31|--a------|4503562] F:\The 6-9 Nrj - Breakfast (Parody Dj Diam's).mp3
[08/07/2006 12:47|--a------|28368948] F:\The 6-9 Nrj - Breakfast (Parody Dj Diam's).wav
[21/08/2006 20:52|--a------|5126277] F:\The Walls Of My City 1.mp3
[20/08/2006 18:59|--a------|3857578] F:\live is life.wma
[28/08/2006 17:36|--a------|3313726] F:\Lord Kossity- Sex in the pool.mp3
[11/03/2006 23:45|--a------|4810628] F:\Lynsha - Appointment.mp3
[08/07/2006 12:47|--a------|35357228] F:\Lynsha - Appointment.wav
[26/03/2006 17:24|--a------|4066864] F:\Mariah Carey & Jay-Z - Heartbreaker.mp3
[08/07/2006 12:47|--a------|44835884] F:\Mariah Carey & Jay-Z - Heartbreaker.wav
[08/07/2006 00:00|--a------|328] F:\My documents.lnk
[06/11/2007 22:07|--a------|5117952] F:\james deano - service_do_nothing.mp3
[06/11/2007 21:20|--a------|1219988] F:\James deano - Slave of the system.loris.mp3
[06/11/2007 21:20|--a------|4753102] F:\James Deano - have you seen yourself.mp3
[19/11/2007 22:43|--a------|2479879] F:\African Drums - Surutu Kunu - Djembe solo.mp3
[06/11/2007 21:19|--a------|2402432] F:\James Deano - My life is Koh-Lanta.mp3
[06/11/2007 21:23|--a------|3199521] F:\James Deano - Marijuana (Feat. S.KAA).mp3
[06/11/2007 21:24|--a------|6509802] F:\James Deano - Unknown Album - I love shit.mp3
[06/11/2007 21:22|--a------|5304714] F:\james_deano - alcoholics_(unpublished).mp3
[06/11/2007 21:49|--a------|3845269] F:\Leyla & Samia-let me love you(creil).mp3
[06/11/2007 21:38|--a------|4843779] F:\Samia - Be there one last time..mp3
[06/11/2007 21:51|--a------|3896838] F:\Samia - I'm Living My Dream.mp3
[06/11/2007 21:47|--a------|3313387] F:\Samia - Melancholic anonymous.mp3
[06/11/2007 22:04|--a------|3660128] F:\Samiam - Regret.mp3
[06/11/2007 21:36|--a------|2986361] F:\Samia - Dad.mp3
[06/11/2007 21:38|--a------|1770278] F:\Samia - You.mp3
[06/11/2007 21:37|--a------|4896776] F:\SAMIA Too young.mp3
[06/11/2007 21:36|--a------|3781320] F:\SAMIA_come back my sister.mp3
[06/11/2007 21:53|--a------|3428903] F:\Sig ft samia - so much harm.mp3
[19/11/2007 23:16|--a------|5763208] F:\01. Sinik - From up there.mp3
[19/11/2007 22:54|--a------|121836] F:\Sherifa Luna Album.mp3
[18/11/2007 15:50|--a------|8331079] F:\Blow Coxx - IN SEARCH OF MY NEW GIRL.mp3
[18/11/2007 15:05|--a------|5794519] F:\Britney Spears - Gimmie more(1).mp3
[19/11/2007 23:19|--a------|6022501] F:\In my club - Sinik - The roof of the world.mp3
[19/11/2007 22:40|--a------|116877] F:\The roof of the world - 04 - Sinik - In my club.mp3
[18/11/2007 15:19|--a------|3649534] F:\Monsieur R & Akhenaton - And if it was tomorrow.mp3
[18/11/2007 15:03|--a------|5061161] F:\Sherifa Luna - Somewhere (Top Quality).mp3
[19/11/2007 22:54|--a------|1901295] F:\Sherifa,Zack & StCyr - Someone like you (Pop Star).mp3
[19/11/2007 22:57|--a------|3562197] F:\Sheryfa_Luna_-_He_Had_Words-2007-BY_POP.mp3
[19/11/2007 23:19|--a------|1530883] F:\Sinik - The world is yours.mp3
[19/11/2007 23:15|--a------|4013448] F:\Sinik - The roof of the world - Too much for one man.mp3
[18/11/2007 15:20|--a------|5420038] F:\Sinik feat Kayna Samet - From up there.mp3
[19/11/2007 22:42|--a------|5839143] F:\Soprano - We Were Told.mp3
[15/09/2007 14:22|--a------|4815717] F:\Fireball - WHAT I WANT (Greatest Riddim) (Soca 2007).mp3
[14/10/2007 14:18|--a------|7211874] F:\Football anthems - Marseille supporters - Live Marseille At Vlodrome - Chants
Ok, I saw the report in DM.
#####
• Download OTM (OldTimer) to your Desktop.
• Right-click on OTM.exe and choose Run as administrator.
• Copy (Ctrl+C) the following text below:
:processes
explorer.exe
:files
c:\windows\system32\frcqtxz.dll
C:\Users\doudou\AppData\Local\Temp\mldnjz.exe
C:\Users\doudou\AppData\Roaming\SystemProc
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sefjhf98jfoidsfoishgoiusgdgfgd"=-
:commands
[purity]
[emptytemp]
[reboot]
• Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.
• Now click the MoveIt! button then close OTM.
---> If a file or folder cannot be deleted immediately, the software will ask you to restart.
Accept by clicking YES.
• Post the report located in this folder: C:\_OTM\MovedFiles\
---> The name of the report corresponds to the time of its creation: date_time.log
#########
• Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
• Double-click the downloaded file to start the installation process.
• In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
• Once the update is complete, go to the Scan tab.
• Select Run a Quick Scan.
• Click on Scan. The scan will start.
• At the end of the scan, a message will appear:
"The scan has completed successfully. Click 'Show Results' to view all detected items."
• Click OK to continue. If MBAM finds nothing, it will also let you know.
• Close your browsers.
• If any malware was detected, click Show Results.
• Select all (or leave checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and place a copy in quarantine.
• MBAM will open Notepad and copy the scan report there. Copy and paste this report into your next response.
Tous les processus ont été arrêtés
========== PROCESSES ==========
Aucun processus actif nommé explorer.exe n'a été trouvé !
========== FILES ==========
Fichier/Dossier c:\windows\system32\frcqtxz.dll non trouvé.
Fichier/Dossier C:\Users\doudou\AppData\Local\Temp\mldnjz.exe non trouvé.
Dossier C:\Users\doudou\AppData\Roaming\SystemProc déplacé avec succès.
========== REGISTRY ==========
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2}\ non trouvée.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2}\ supprimée avec succès.
Clé de registre HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run non trouvée.
========== COMMANDS ==========
[EMPTYTEMP]
Utilisateur : Tous les utilisateurs
Utilisateur : Par défaut
->Dossier Temp vidé : 0 octets
->Dossier des fichiers Internet temporaires vidé : 33170 octets
Utilisateur : Utilisateur par défaut
->Dossier Temp vidé : 0 octets
->Dossier des fichiers Internet temporaires vidé : 0 octets
Utilisateur : doudou
->Dossier Temp vidé : 1375232923 octets
->Dossier des fichiers Internet temporaires vidé : 66695955 octets
->Cache Java vidé : 26033020 octets
->Cache FireFox vidé : 38833782 octets
Utilisateur : Public
Fichiers .tmp %systemdrive% supprimés : 0 octets
Fichiers .tmp %systemroot% supprimés : 0 octets
Fichiers .tmp %systemroot%\System32 supprimés : 0 octets
Fichiers .tmp %systemroot%\System32\drivers supprimés : 0 octets
Dossier Temp de Windows vidé : 13341516 octets
Dossier %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files vidé : 0 octets
Dossier %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files vidé : 114143 octets
Corbeille vidée : 0 octets
Total des fichiers nettoyés = 1 450,00 mo
OTM par OldTimer - Version 3.1.7.0, journal créé le 27/01/2010_20:31:03
Fichiers déplacés au redémarrage...
Fichier C:\Windows\temp\TMP00000041AB6BCEE3DD0BFA40 non trouvé !
Fichier C:\Windows\temp\TMP0000004E1585CE48354408B5 non trouvé !
Entrées de registre supprimées au redémarrage...
Malwarebytes' Anti-Malware 1.44
Database version: 3646
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
27/01/2010 21:00:40
mbam-log-2010-01-27 (21-00-40).txt
Scan type: Quick scan
Items examined: 100280
Elapsed time: 8 minute(s), 27 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 1
Infected Registry value(s): 2
Infected Registry data item(s): 0
Infected folder(s): 3
Infected file(s): 4
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
(No harmful items detected)
Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infected Registry value(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sefjhf98jfoidsfoishgoiusgdgfgd (Trojan.Downloader) -> Quarantined and deleted successfully.
Infected Registry data item(s):
(No harmful items detected)
Infected folder(s):
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D} (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Trojan.Swisyn) -> Quarantined and deleted successfully.
Infected file(s):
C:\Windows\system32\Drivers\lidnfab.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Trojan.Swisyn) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Trojan.Swisyn) -> Quarantined and deleted successfully.
Reopen Malwarebytes, go to quarantine, and delete everything.
How's the PC? Better?
####
Please run an RSIT scan again and post log.txt.
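An added example, not part of this thread: a small Python triage pass over HijackThis-style log lines of the kind the helper keeps asking for, flagging the persistence points that turned up in this thread (an orphaned BHO, an AppInit_DLLs entry, a Run value pointing into Temp, services with no publisher). The sample lines are constructed from entries in the thread's own logs; pairing the Run value name with Temp\mldnjz.exe is an assumption made for illustration.

```python
"""Triage HijackThis-style log lines for the persistence points that mattered
in this thread. Added example, not code from the original thread or from HijackThis."""
import re
from dataclasses import dataclass

# Constructed sample. The BHO CLSID, the kbdsock.dll AppInit entry, the Run value
# name, lxdx_device and the "Unknown owner" service come from the thread's logs;
# pairing the Run value with Temp\mldnjz.exe is a constructed assumption.
SAMPLE_LOG = r"""
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] C:\Users\doudou\AppData\Local\Temp\mldnjz.exe
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
"""

@dataclass
class Finding:
    kind: str      # HijackThis section code, e.g. "O20"
    reason: str    # why the entry deserves a second look
    line: str      # the original log line

# 'O4 - HKCU\..\Run: [name] "C:\path\x.exe" /args' -> value name and image path
_RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s*"?(?P<path>[^"\s][^"]*?\.(?:exe|dll|scr|bat|cmd))"?', re.I)
# 'name - company - C:\path'; HijackThis renders a missing company as 'name - - C:\path'
_SVC_RE = re.compile(r'^(?P<name>.+) - (?P<company>.*?)\s*-\s*(?P<path>[A-Za-z]:\\.*)$')
# Autorun images living in user-writable scratch folders are a classic dropper tell
_USER_WRITABLE = re.compile(r'\\(?:AppData|Local Settings|Temp|ProgramData)\\', re.I)

def split_entry(line):
    """'O20 - AppInit_DLLs: ...' -> ('O20', 'AppInit_DLLs: ...'); None if not an HJT line."""
    m = re.match(r'^([RFO]\d{1,2}) - (.*)$', line.strip())
    return (m.group(1), m.group(2)) if m else None

def check_entry(kind, rest, line):
    """Apply the per-section heuristics and return a Finding, or None if nothing stands out."""
    if kind == "O2" and rest.rstrip().endswith("(no file)"):
        return Finding(kind, "BHO CLSID still registered but its DLL is gone: orphaned or half-removed add-on", line)
    if kind == "O4":
        m = _RUN_RE.search(rest)
        if m and _USER_WRITABLE.search(m.group("path")):
            return Finding(kind, f"Run value [{m.group('name')}] starts an image from a user-writable scratch folder", line)
    if kind == "O20" and rest.startswith("AppInit_DLLs:"):
        dll = rest[len("AppInit_DLLs:"):].strip()
        if dll:
            return Finding(kind, f"AppInit_DLLs loads {dll} into every process that links user32; rarely legitimate", line)
    if kind == "O23" and rest.startswith("Service: "):
        m = _SVC_RE.match(rest[len("Service: "):])
        if m and m.group("company").strip() in ("", "Unknown owner"):
            return Finding(kind, f"service {m.group('name')!r} has no identified publisher", line)
    return None

def triage(log_text):
    """Return the Findings for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = split_entry(line)
        if parsed is None:
            continue
        found = check_entry(parsed[0], parsed[1], line.strip())
        if found:
            findings.append(found)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.line}")
```

The heuristics only surface entries worth a closer look; a flagged service with no publisher still needs its binary checked (signature, hash, location) before anything is removed.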
Logfile of random's system information tool 1.06 (written by random/random)
Run by doudou at 2010-01-27 21:08:48
Microsoft® Windows Vista™ Home Premium Edition Service Pack 1
System drive C: has 39 GB (28%) free of 142 GB
Total RAM: 3069 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:52, on 27/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\doudou\Downloads\RSIT.exe
C:\Program Files\trend micro\doudou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Connection Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\STEAM2\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: &Search AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Add to Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Add to Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
--
End of file - 10003 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Connection Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Hiyo"=C:\Program Files\HiYo\bin\HiYo.exe [2010-01-08 230768]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"Steam"=C:\Program Files\STEAM2\Steam.exe [2009-12-12 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-09-25 189736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-09-05 206128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe [2008-10-01 5723136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-10-03 912688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-09-25 1152296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [2008-09-24 206120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-09-26 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\kbdsock.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoDriveAutoRun"=128
"NoDriveTypeAutoRun"=128
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-01-27 20:31:03 ----D---- C:\_OTM
2010-01-27 19:48:10 ----RASHD---- C:\autorun.inf
2010-01-27 19:37:01 ----A---- C:\UsbFix.txt
2010-01-27 19:32:19 ----D---- C:\UsbFix
2010-01-27 19:19:23 ----D---- C:\rsit
2010-01-23 19:07:39 ----D---- C:\Program Files\DivX
2010-01-23 19:07:39 ----D---- C:\Program Files\Common Files\DivX Shared
2010-01-23 18:23:21 ----D---- C:\Windows\Minidump
2010-01-22 18:49:30 ----D---- C:\ProgramData\WindowsSearch
2010-01-22 15:11:35 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 15:11:34 ----A---- C:\Windows\system32\occache.dll
2010-01-22 15:11:33 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 15:11:33 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 15:11:32 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 15:11:32 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 15:11:31 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 15:11:30 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 15:11:30 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 15:11:29 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-13 18:40:10 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 18:40:10 ----A---- C:\Windows\system32\fontsub.dll
2010-01-08 21:56:47 ----D---- C:\Program Files\Adobe
2010-01-08 15:25:35 ----D---- C:\Users\doudou\AppData\Roaming\HiYo
2010-01-08 15:25:05 ----D---- C:\ProgramData\HiYo
2010-01-08 15:25:05 ----D---- C:\Program Files\HiYo
======List of files/folders modified in the last 1 months======
2010-01-27 21:08:50 ----D---- C:\Windows\Temp
2010-01-27 21:08:49 ----D---- C:\Program Files\trend micro
2010-01-27 21:07:23 ----D---- C:\Windows\system32\drivers
2010-01-27 21:07:23 ----D---- C:\Windows\Logs
2010-01-27 21:03:00 ----D---- C:\Program Files\Mozilla Firefox
2010-01-27 20:57:43 ----D---- C:\Windows\System32
2010-01-27 20:57:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-27 20:57:42 ----D---- C:\Windows\inf
2010-01-27 20:52:13 ----D---- C:\Program Files\STEAM2
2010-01-27 20:47:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-27 19:46:15 ----SHD---- C:\$RECYCLE.BIN
2010-01-27 19:40:00 ----D---- C:\Windows\Tasks
2010-01-27 19:37:54 ----D---- C:\Windows\Prefetch
2010-01-27 19:36:53 ----D---- C:\Windows\system32\Tasks
2010-01-26 22:46:58 ----A---- C:\Windows\NeroDigital.ini
2010-01-24 21:46:42 ----D---- C:\Users\doudou\AppData\Roaming\uTorrent
2010-01-24
Run by doudou at 2010-01-27 21:08:48
Microsoft® Windows Vista™ Home Premium Edition Service Pack 1
System drive C: has 39 GB (28%) free of 142 GB
Total RAM: 3069 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:52, on 27/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\doudou\Downloads\RSIT.exe
C:\Program Files\trend micro\doudou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Connection Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\STEAM2\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: &Search AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Add to Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Add to Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
--
End of file - 10003 bytes
Good evening yoyoutte, Avira sometimes detects viruses even if there aren't any. If you want, I can give you Avast antivirus along with its serial, which works really well.
Ok, it's clean.
Go to this file: C:\Program Files\trend micro\doudou.exe
It's HijackThis, renamed. Right-click on it and choose Run as administrator.
Then select "Do a system scan only".
Close your browser and in the list check these lines:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menu item: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O2 - BHO: (no name) - {BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2} - (no file)
Check them and click on "Fix checked".
#######
• Download ToolsCleaner2 to your Desktop.
• Right-click on ToolsCleaner2.exe and choose Run as administrator.
• Click on Search and let the scan run.
• Click on Delete to finalize.
• If you wish, you can use the Optional Options.
• Click on Exit to get the report.
• Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
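The three lines the helper asks to fix above are orphaned entries (a BHO with no DLL on disk, an IE button whose file is missing). Below is a small triage script, added here as an example and not a tool anyone in this thread used, that reads a constructed excerpt of the logs posted above and flags the categories a helper looks at first: an executable running from a Temp folder (like the Hxr.exe in the 19:19 log), orphaned O2/O9 entries like the ones fixed here, a non-empty O20 AppInit_DLLs value, and the policy values the RSIT registry dump shows (EnableLUA, NoDriveTypeAutoRun). The rule set and the severity labels are my own assumptions; the script says nothing about whether a given file such as kbdsock.dll is malicious, only that a non-empty AppInit_DLLs value on a Vista machine is worth verifying by hand.

```python
"""Triage a HijackThis/RSIT log: flag the entries a removal helper reviews first.

Added example for this thread, not a tool anyone in it used. SAMPLE_LOG is a
constructed excerpt of the logs posted above; the rules and severities are
assumptions of this example, not statements about any specific file.
"""
import re

SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\doudou\AppData\Local\Temp\Hxr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\trend micro\doudou.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
O2 - BHO: (no name) - {BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"""

# A bare drive path, as in the "Running processes" section (no "O2 -" style prefix).
PROCESS_LINE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# Per-user or system temp folders: legitimate startup software does not live here.
TEMP_DIR = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (severity, reason, line) triples for lines that need a second look."""
    findings = []
    current_key = ""  # registry key header that precedes the "name"=value lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_"):
            current_key = line.strip("[]").upper()
            continue
        in_hklm = current_key.startswith("HKEY_LOCAL_MACHINE")

        if PROCESS_LINE.match(line) and TEMP_DIR.search(line):
            findings.append(("high", "executable running from a Temp folder", line))
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(("low", "orphaned BHO registration (no DLL on disk), safe to fix", line))
        elif line.startswith("O9 - ") and line.endswith("(file missing)"):
            findings.append(("low", "orphaned IE button or menu item, safe to fix", line))
        elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("high", "AppInit_DLLs is empty on a clean Vista install; the listed DLL "
                                     "loads into every process that uses user32.dll, verify it", line))
        elif line == '"EnableLUA"=0' and in_hklm:
            findings.append(("medium", "UAC is disabled (EnableLUA=0)", line))
        elif line == '"NoDriveTypeAutoRun"=' and in_hklm:
            findings.append(("medium", "no machine-wide AutoRun restriction is set", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'low': 2}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, reason, line in results:
        print(f"[{severity:6}] {reason}\n         {line}")
    print(summarize(results))
```

Run it against a full log.txt by reading the file into `triage()`; the "low" items are the ones HijackThis can simply fix, while the "high" items are the ones to verify (file hash, signature, upload to a scanner) before deleting anything.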
Reopen UsbFix and choose Uninstall.
Delete OTM.exe, ToolsCleaner.exe and UsbFix.exe.
Delete C:\UsbFix, C:\_OTM and C:\rsit, and we're done.
--
See you later!
I can't delete the USB; it says the folder is open, even though everything is closed. I don't understand.
Run by doudou at 2010-01-27 19:19:23
Microsoft® Windows Vista™ Home Premium Edition Service Pack 1
System drive C: has 38 GB (27%) free of 142 GB
Total RAM: 3069 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:16, on 27/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\doudou\AppData\Local\Temp\Hxr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\doudou\Downloads\RSIT.exe
C:\Program Files\trend micro\doudou.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Help program of Windows Live Sign-In Assistant - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2} - c:\windows\system32\frcqtxz.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\STEAM2\Steam.exe" -silent
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] C:\Users\doudou\AppData\Local\Temp\mldnjz.exe
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [BMIMZMHMFM] C:\Users\doudou\AppData\Local\Temp\Hxr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Direct Add - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Direct Add in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\system32\kbdsock.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler Service (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
--
End of file - 10521 bytes
======Scheduled tasks folder======
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Help program of Windows Live Sign-In Assistant - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC463ACF-6A9C-4933-B751-3F8E8E0AE1E2}]
c:\windows\system32\frcqtxz.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-09-11 446556]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Hiyo"=C:\Program Files\HiYo\bin\HiYo.exe [2010-01-08 230768]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]
"Steam"=C:\Program Files\STEAM2\Steam.exe [2009-12-12 1217808]
"sefjhf98jfoidsfoishgoiusgdgfgd"=C:\Users\doudou\AppData\Local\Temp\mldnjz.exe []
"LosAlamos"=C:\Windows\system32\sshnas21.dll,AttachConsoleA []
"BMIMZMHMFM"=C:\Users\doudou\AppData\Local\Temp\Hxr.exe [2010-01-22 174592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-09-25 189736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2008-09-26 1148200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-09-05 206128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
C:\Program Files\Shareaza\Shareaza.exe [2008-10-01 5723136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2008-10-03 912688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-09-25 1152296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe [2008-09-24 206120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-09-26 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\kbdsock.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f6fe00-f16c-11de-88b7-00238b53fa22}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.garmin.com/agent
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4936e25d-e726-11de-806b-00238b53fa22}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d6e00f9-ea15-11dd-9d90-00238b53fa22}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b52f6ccf-e469-11de-849b-00238b53fa22}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe
======List of files/folders created in the last 1 months======
2010-01-27 19:19:23 ----D---- C:\rsit
2010-01-23 19:07:39 ----D---- C:\Program Files\DivX
2010-01-23 19:07:39 ----D---- C:\Program Files\Common Files\DivX Shared
2010-01-23 18:23:21 ----D---- C:\Windows\Minidump
2010-01-22 18:49:30 ----D---- C:\ProgramData\WindowsSearch
2010-01-22 16:46:48 ----SHD---- C:\Users\doudou\AppData\Roaming\SystemProc
2010-01-22 15:11:35 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 15:11:34 ----A---- C:\Windows\system32\occache.dll
2010-01-22 15:11:33 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 15:11:33 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 15:11:32 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 15:11:32 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 15:11:31 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 15:11:31 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 15:11:30 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 15:11:30 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 15:11:29 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-13 18:40:10 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 18:40:10 ----A---- C:\Windows\system32\fontsub.dll
2010-01-08 21:56:47 ----D---- C:\Program Files\Adobe
2010-01-08 15:25:35 ----D---- C:\Users\doudou\AppData\Roaming\HiYo
2010-01-08 15:25:05 ----D---- C:\ProgramData\HiYo
2010-01-08 15:25:05 ----D---- C:\Program Files\HiYo
======List of files/folders modified in the last 1 months======
======Uninstall list======
-->"C:\Program Files\HP Games\5 Card Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Age of Castles\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{5DB65884-C963-4454-AABA-4CA3089281FA}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
AMD USB Audio Driver Filter-->MsiExec.exe /X{A3AB35FA-943E-4799-99DC-46EFD59E998F}
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x040c
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BetClic Poker-->C:\PROGRA~1\BETCLI~1\UNWISE.EXE C:\PROGRA~1\BETCLI~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{558FF444-F562-4E4C-98BD-7B20EE184D2E}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Football Manager 2010-->"C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Désinstaller Football Manager 2010.exe"
Football Manager 2010-->"C:\Program Files\STEAM2\steam.exe" steam://uninstall/34000
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Garmin POI Loader-->MsiExec.exe /X{328019A7-0012-401D-96A2-4CDDD02675A8}
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiYo -->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"
HiYo-->MsiExec.exe /X{00E1E235-AB45-4695-A156-073118949ED4}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart SmartMenu-->MsiExec.exe /I{D8BB0945-B990-47DC-BFE3-3FDE1E165B30}
HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall
HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP Quick Launch Buttons 6.40 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP Total Care Advisor-->MsiExec.exe /X{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0128-->MsiExec.exe /X{07A5026D-5F9F-43D1-9073-C2F882D417E7}
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{846DDADA-0239-4B67-A6B1-33658863793B}\setup.exe" -l0x9 -removeonly
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x40c -remove -removeonly
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Security Scan-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Compatibility Pack for Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee Reveal-->MsiExec.exe /X{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-A098-TC9C-CZPE-8HE4-T757-014K-1C1T"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_1a3c82dd\enecir.inf
Pixillion Image Converter-->C:\Program Files\NCH Software\Pixillion\uninst.exe
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{9D615069-AA8F-4E89-AE9D-77AAE90F529F}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SPORE Creature Creator Trial Edition-->"C:\Program Files\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2-->"C:\Program Files\STEAM2\steam.exe" steam://uninstall/440
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_0efc767c\grmnusb.inf
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wondershare Streaming Audio Recorder(Build 1.0.6.0)-->"C:\Program Files\Wondershare\Streaming Audio Recorder\unins000.exe"
XDV-S series-->MsiExec.exe /I{591A436F-56DC-4304-B415-0964D9B4210E}
=====HijackThis Backups=====
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [2009-11-30]
O4 - Global Startup: McAfee Security Scan.lnk = ? [2009-11-30]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2009-11-30]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-11-30]
======Security center information======
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
======System event log======
Computer Name: PC-de-doudou
Event Code: 3004
Message: The Windows Defender real-time protection agent has detected changes. Microsoft recommends scanning the software responsible for these changes for potential risks. You can use the information related to these programs to allow or disallow their execution, or to remove them from the computer. Only allow changes if you trust the program or the software publisher. Windows Defender cannot reverse changes that you allow.
For more information, please refer to the following data:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=TrojanDownloader%3aWin32%2fRenos.JM&threatid=143866
Scan ID: {52238813-CA24-40DF-8D1D-8AB3E142A4B5}
User: PC-de-doudou\doudou
Name: TrojanDownloader:Win32/Renos.JM
ID: 143866
Severity ID: 5
Category ID: 4
Path found: process:pid:2044
Alert type: Spyware or other unwanted software
Detection type: Heuristic
Record Number: 63694
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100127180909.000000-000