fabou4
-
Compteur de contenus
114 -
Inscription
-
Dernière visite
fabou4's Achievements
Power Member (5/12)
0
Réputation sur la communauté
-
bonsoir Thanos ! le pc marche bien. ! (j'avais encore quelques alertes antivir dans les fichiers de sauvegarde du dossier systemrestore, j'ai donc désactivé la restauration automatique redemarrer le pc et réactiver la restauration et c'est BON, je suis tranquille !) Un problème subsiste : j'ai d'autres PC à la maison (pas des PC où je travaille, mais les enfants eux y farfouillent pas mal ...) dois-je lancer aussi des désinfections avec les outils que tu m'as conseillés ? comment savoir s'ils ont les même infections que celle qu'avait mon PC ? En tout cas, un GRAND merci pour ton aide !!
-
slt THANOS voici les rapports demandés bonne soirée ! All processes killed Error: Unable to interpret <:first> in the current context! ========== SERVICES/DRIVERS ========== Service eeCtrl stopped successfully! Service eeCtrl deleted successfully! Service SymIM stopped successfully! Service SymIM deleted successfully! Service SymIMMP stopped successfully! Service SymIMMP deleted successfully! Service Automatic LiveUpdate Scheduler stopped successfully! Service Automatic LiveUpdate Scheduler deleted successfully! Service LiveUpdate Notice Service stopped successfully! Service LiveUpdate Notice Service deleted successfully! Service LiveUpdate stopped successfully! Service LiveUpdate deleted successfully! ========== FILES ========== File/Folder C:\nqecmus.exe not found. File/Folder F:\nqecmus.exe not found. File/Folder A:\nqecmus.exe not found. File/Folder |:\nqecmus.exe not found. File/Folder C:\autorun.inf not found. File/Folder F:\autorun.inf not found. File/Folder A:\autorun.inf not found. File/Folder |:\autorun.inf not found. C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6b52.tmp folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp6788.tmp folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090513.040 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070916.002 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs\20060404.006 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\VirusDefs folder moved successfully. C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\SymSetup folder moved successfully. C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs folder moved successfully. C:\Program Files\Common Files\Symantec Shared\SymcData folder moved successfully. C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages folder moved successfully. C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} folder moved successfully. C:\Program Files\Common Files\Symantec Shared\PIF folder moved successfully. C:\Program Files\Common Files\Symantec Shared\Help\LuMuiHelp\09\01 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\Help\LuMuiHelp\09 folder moved successfully. C:\Program Files\Common Files\Symantec Shared\Help\LuMuiHelp folder moved successfully. C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully. C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully. C:\Program Files\Common Files\Symantec Shared\COH folder moved successfully. C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully. C:\Program Files\Common Files\Symantec Shared folder moved successfully. C:\Program Files\Symantec\LiveUpdate\Lang\09\01 folder moved successfully. C:\Program Files\Symantec\LiveUpdate\Lang\09 folder moved successfully. C:\Program Files\Symantec\LiveUpdate\Lang folder moved successfully. C:\Program Files\Symantec\LiveUpdate folder moved successfully. C:\Program Files\Symantec folder moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PRISMSVR.EXE deleted successfully. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\"Acrobat Assistant 7.0"| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a93e2e2-2609-11de-940d-0013d33b2f65}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a93e2e2-2609-11de-940d-0013d33b2f65}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65227764-dcc1-11de-94e0-0013d33b2f65}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65227764-dcc1-11de-94e0-0013d33b2f65}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9387c4e0-e1c0-11de-94e9-0013d33b2f65}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9387c4e0-e1c0-11de-94e9-0013d33b2f65}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7cad3ce-e804-11db-91be-0013d33b2f65}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7cad3ce-e804-11db-91be-0013d33b2f65}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 7492918 bytes User: NetworkService ->Temp folder emptied: 133912 bytes ->Temporary Internet Files folder emptied: 504633 bytes User: user ->Temp folder emptied: 1676377067 bytes ->Temporary Internet Files folder emptied: 182038333 bytes ->Java cache emptied: 376676 bytes ->FireFox cache emptied: 3430923 bytes ->Flash cache emptied: 1571668 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2164730 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 30623446 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23943034 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 2690726586 bytes Total Files Cleaned = 4,406.00 mb OTM by OldTimer - Version 3.1.12.0 log created on 05132010_195438 Files moved on Reboot... C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\XSM2596O\mail[3].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\JHB9M1F8\8yhim1ep[1].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\JHB9M1F8\blank_quirks[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\J6T9EMZO\favicon-vfl147246[1].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\J6T9EMZO\favicon[1].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\J6T9EMZO\olweb_fr[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\J6T9EMZO\rectangle_300x250[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\ads[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\favicon[1].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\favicon[2].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\hp[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\iframe[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\pub[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\GH2TG17G\pub[2].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ALRSFAB9\10jfw8tc[1].xml moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ALRSFAB9\mail[2].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8R3KLX1G\AP_ADV_728x90[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8R3KLX1G\Claude-Puel-Rester-concentres-jusqu-au-bout[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8R3KLX1G\favicon[1].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8R3KLX1G\img[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8R3KLX1G\povh[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8R3KLX1G\pub[2].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5674RZ5K\openhand[1].cur moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3MJIWD4A\ban_728x90[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3MJIWD4A\favicon-haaretz[1].ico moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3MJIWD4A\iframe[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3MJIWD4A\jpost_com[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3MJIWD4A\mail[1].htm moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\3MJIWD4A\opensearch[1] moved successfully. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully. Registry entries deleted on Reboot... ******************************************************************************** ********************* Logfile of random's system information tool 1.07 (written by random/random) Run by user at 2010-05-13 20:17:28 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 33 GB (42%) free of 79 GB Total RAM: 511 MB (25% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:17:33 PM, on 5/13/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Desktop\RSIT.exe C:\Program Files\trend micro\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 12676 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Quick Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-02-09 751144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-08 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e665cff-1135-4dfe-ac5f-8351d8a5c759}] La Radio Israelienne Toolbar - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll [2010-02-24 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696] {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - La Radio Israelienne Toolbar - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll [2010-02-24 2349080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-13 344064] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-05-13 32768] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-03-10 57393] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-03-10 40960] "SetDefPrt"=C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe [2004-05-25 49152] "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968] "Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-19 45056] "Acrobat Assistant 7.0"= [] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-08-07 36972] "ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-01-10 53248] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-28 68856] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent] C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe [2005-04-29 748032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe [2005-02-25 208896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2005-10-24 307200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE [2005-08-03 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spontania Monitor.lnk] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPONTA~1\SPONTA~1.EXE [2005-11-14 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk] C:\PROGRA~1\MSI\TV@ANY~1\P3XRCtl.exe [2005-04-20 94208] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-05-12 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\All Users\Application Data\Spontania4IM\spontaniavideo.exe"="C:\Documents and Settings\All Users\Application Data\Spontania4IM\spontaniavideo.exe:*:Enabled:Dialcom Spontania video4IM" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe"="C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2010-05-13 19:54:38 ----D---- C:\_OTM 2010-05-10 21:56:55 ----D---- C:\rsit ======List of files/folders modified in the last 1 months====== 2010-05-13 20:17:31 ----D---- C:\Program Files\Trend Micro 2010-05-13 20:16:33 ----SHD---- C:\WINDOWS\Installer 2010-05-13 20:16:32 ----HD---- C:\Config.Msi 2010-05-13 20:16:31 ----D---- C:\WINDOWS\Prefetch 2010-05-13 20:15:26 ----D---- C:\WINDOWS\Temp 2010-05-13 20:15:21 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-13 20:15:06 ----D---- C:\WINDOWS 2010-05-13 20:13:21 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-13 20:12:24 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2010-05-13 20:10:04 ----D---- C:\Documents and Settings\user\Application Data\Symantec 2010-05-13 19:57:53 ----D---- C:\WINDOWS\system32 2010-05-13 19:55:14 ----D---- C:\Program Files 2010-05-13 19:55:13 ----D---- C:\Program Files\Common Files 2010-05-11 17:48:51 ----D---- C:\Hamodia A3 2010-05-11 10:01:29 ----D---- C:\WINDOWS\WinSxS 2010-05-11 10:01:29 ----D---- C:\WINDOWS\system32\drivers 2010-05-10 22:41:19 ----SHD---- C:\Program Files\Common Files\System 2010-05-10 21:28:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-07 10:14:45 ----A---- C:\WINDOWS\pex.INI 2010-05-07 09:30:47 ----A---- C:\WINDOWS\ULead32.ini 2010-04-28 22:55:04 ----D---- C:\EDEN ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-11 28520] R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-04-22 15781] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-12 1198080] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056] R3 Cap713x;Philips Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-17 17432] R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-07-17 20504] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2002-12-27 98892] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-02 260288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-20 15263] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera; C:\WINDOWS\system32\DRIVERS\dvc325.sys [] S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-04-08 349984] S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504] S3 RushTopDevice;RushTopDevice; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 SlowDownCPU;SlowDownCPU; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-12 368640] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-06 65536] R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344] R2 hpqddsvc;ùéøåú HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-04 504104] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-05-13 516096] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-21 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
-
thanos, je te remercie de continuer à m'aider ! (bon j'essaierai de faire des BONS copier-coller, au moins !) Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 5/10/2010 10:41:19 PM mbam-log-2010-05-10 (22-41-19).txt Scan type: Full scan (A:\|C:\|) Objects scanned: 203291 Time elapsed: 1 hour(s), 5 minute(s), 58 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 120 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 36 Memory Processes Infected: C:\Program Files\Common Files\System\ipilrws.exe (Worm.AutoRun) -> Unloaded process successfully. C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe (Worm.AutoRun) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appsvc32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastu3.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmonitor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsvchst.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eghost.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filedsty.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftcleanershell.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fyfirewall.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ispwdsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kascrscn.scr (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastask.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavdx.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpfw.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsetup.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmfilter.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32x.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.com (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksloader.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvcenter.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvdetect.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfwmcl.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp_1.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvreport.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvscan.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvstub.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp_1.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch9x.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatchx.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\magicset.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwliveupdate.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qhset.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqkav.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regclean.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsaupd.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sreng.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syssafe.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojandetector.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojanwall.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojdie.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxagent.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxattachment.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxcfg.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxfwhlp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxpol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbcleaner.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wopticlean.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\egrrgdk (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqecmus (Worm.AutoRun) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Common Files\System\ipilrws.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\autorun.inf (Worm.AutoRun) -> Quarantined and deleted successfully. C:\nqecmus.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\Program Files\meex.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1957994488-162531612-682003330-1004\Dc41\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\calc.exe (Worm.Autorun.B) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1957994488-162531612-682003330-1004\Dc41\Win XP USB Stick Edition\Win XP USB Stick Edition\INSTALLDIR\i386\system32\rundll32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP205\A0049025.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP206\A0049078.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP206\A0050078.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP207\A0050107.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP208\A0050145.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP209\A0050217.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP209\A0050238.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP209\A0051238.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP209\A0051261.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP210\A0051343.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP211\A0051432.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP212\A0052432.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP212\A0053432.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP213\A0053578.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP214\A0053667.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP216\A0053784.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP217\A0053823.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP217\A0054823.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP219\A0054952.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP219\A0055025.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP220\A0055127.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP220\A0055155.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP221\A0055254.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP222\A0055287.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP223\A0055334.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP223\A0055342.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP223\A0055397.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP224\A0055503.exe (Worm.AutoRun) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sexit.dat (Trojan.Agent) -> Quarantined and deleted successfully. ************************************************************ rsit Logfile of random's system information tool 1.07 (written by random/random) Run by user at 2010-05-11 17:26:37 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 27 GB (35%) free of 79 GB Total RAM: 511 MB (30% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:26:44 PM, on 5/11/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\WINDOWS\system32\Prismsvr.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\Brmfrmps.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\user\Desktop\RSIT.exe C:\Program Files\trend micro\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /apply O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 13737 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Quick Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-02-09 751144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-08 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e665cff-1135-4dfe-ac5f-8351d8a5c759}] La Radio Israelienne Toolbar - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll [2010-02-24 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696] {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - La Radio Israelienne Toolbar - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll [2010-02-24 2349080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-13 344064] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-05-13 32768] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-03-10 57393] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-03-10 40960] "SetDefPrt"=C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe [2004-05-25 49152] "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968] "Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-19 45056] "PRISMSVR.EXE"=Prismsvr.exe /apply [] "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328] ""= [] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-08-07 36972] "ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-01-10 53248] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-28 68856] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent] C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe [2005-04-29 748032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe [2005-02-25 208896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2005-10-24 307200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE [2005-08-03 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spontania Monitor.lnk] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPONTA~1\SPONTA~1.EXE [2005-11-14 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk] C:\PROGRA~1\MSI\TV@ANY~1\P3XRCtl.exe [2005-04-20 94208] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-05-12 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\All Users\Application Data\Spontania4IM\spontaniavideo.exe"="C:\Documents and Settings\All Users\Application Data\Spontania4IM\spontaniavideo.exe:*:Enabled:Dialcom Spontania video4IM" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe"="C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a93e2e2-2609-11de-940d-0013d33b2f65}] shell\AutoRun\command - F:\nqecmus.exe shell\explore\command - F:\nqecmus.exe shell\open\command - F:\nqecmus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65227764-dcc1-11de-94e0-0013d33b2f65}] shell\AutoRun\command - F:\nqecmus.exe shell\explore\command - F:\nqecmus.exe shell\open\command - F:\nqecmus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9387c4e0-e1c0-11de-94e9-0013d33b2f65}] shell\AutoRun\command - nqecmus.exe shell\explore\command - nqecmus.exe shell\open\command - nqecmus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7cad3ce-e804-11db-91be-0013d33b2f65}] shell\AutoRun\command - nqecmus.exe shell\explore\command - nqecmus.exe shell\open\command - nqecmus.exe ======List of files/folders created in the last 1 months====== 2010-05-10 21:56:55 ----D---- C:\rsit ======List of files/folders modified in the last 1 months====== 2010-05-11 17:26:44 ----D---- C:\WINDOWS\Prefetch 2010-05-11 17:26:38 ----D---- C:\Program Files\Trend Micro 2010-05-11 17:17:49 ----D---- C:\WINDOWS\Temp 2010-05-11 17:17:41 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-11 17:16:53 ----D---- C:\WINDOWS 2010-05-11 15:02:39 ----D---- C:\Hamodia A3 2010-05-11 10:01:29 ----D---- C:\WINDOWS\WinSxS 2010-05-11 10:01:29 ----D---- C:\WINDOWS\system32\drivers 2010-05-10 22:49:31 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-10 22:41:19 ----SHD---- C:\Program Files\Common Files\System 2010-05-10 22:41:19 ----D---- C:\WINDOWS\system32 2010-05-10 22:41:19 ----D---- C:\Program Files 2010-05-10 21:28:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-07 10:14:45 ----A---- C:\WINDOWS\pex.INI 2010-05-07 09:30:47 ----A---- C:\WINDOWS\ULead32.ini 2010-04-28 22:55:04 ----D---- C:\EDEN 2010-04-12 22:56:54 ----A---- C:\WINDOWS\NeroDigital.ini 2010-04-12 21:37:06 ----D---- C:\NIV ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-11 28520] R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-04-22 15781] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-12 1198080] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056] R3 Cap713x;Philips Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-17 17432] R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-07-17 20504] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2002-12-27 98892] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-02 260288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-20 15263] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera; C:\WINDOWS\system32\DRIVERS\dvc325.sys [] S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-04-08 349984] S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504] S3 RushTopDevice;RushTopDevice; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 SlowDownCPU;SlowDownCPU; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-12 368640] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-06 65536] R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344] R2 hpqddsvc;שירות HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-04 504104] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-05-13 516096] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-21 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 5/10/2010 10:41:19 PM mbam-log-2010-05-10 (22-41-19).txt Scan type: Full scan (A:\|C:\|) Objects scanned: 203291 Time elapsed: 1 hour(s), 5 minute(s), 58 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 120 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 36 Memory Processes Infected: C:\Program Files\Common Files\System\ipilrws.exe (Worm.AutoRun) -> Unloaded process successfully. C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe (Worm.AutoRun) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appsvc32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastu3.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmonitor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsvchst.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eghost.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filedsty.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftcleanershell.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fyfirewall.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ispwdsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kascrscn.scr (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastask.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavdx.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpfw.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsetup.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmfilter.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32x.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.com (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksloader.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvcenter.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvdetect.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfwmcl.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp_1.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvreport.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvscan.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvstub.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp_1.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch9x.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatchx.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\magicset.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwliveupdate.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qhset.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctor.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqkav.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regclean.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsaupd.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sreng.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syssafe.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojandetector.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojanwall.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojdie.kxp (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxagent.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxattachment.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxcfg.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxfwhlp.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxpol.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbcleaner.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wopticlean.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Worm.AutoRun) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windo
-
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:51:30 PM, on 5/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\WINDOWS\system32\Prismsvr.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\System\ipilrws.exe C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\user\temp\TeamViewer\Version5\TeamViewer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\user\Desktop\toto.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /apply O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [egrrgdk] C:\Program Files\Common Files\System\ipilrws.exe O4 - HKLM\..\Run: [nqecmus] C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 13839 bytes ******************************************************************** info.txt logfile of random's system information tool 1.06 2010-05-10 21:57:19 ======Uninstall list====== --> -c"C:\Program Files\Ulead Systems\Ulead COOL 360\IS32Inst.dll" -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WOW Main\WOW Main\Uninst.isu" -->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20} -->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE} -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBBB5EED-CC92-49F2-A276-D5433F39D1EB}\Setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP BiDi Channel Components Installer-->MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E} 7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe" 802.11g USB2.0 adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5797A1D5-2C08-4FF1-B4B4-EA25760CA543}\Setup.exe" -l0x9 -removeonly Adibou V.3.00 on C-->"C:\coktel\Adibou3\Uninst.exe" Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Acrobat 7.0.7 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe" AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033 ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe" ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe" Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4} Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Arc-En-Ciel La grande fête des océans-->C:\emme\arc en ciel junior\Desinst.exe ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{12434270-10FC-401B-BF3C-A839A97AFAED} ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}\Setup.exe" -l0x40c Brunin03.dllBrunin03.dll CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" Free CD to MP3 Converter-->C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG Fritz & Bianca 2-->"C:\Program Files\Fritz & Bianca 2\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP LaserJet M1522 MFP Series 4.2-->C:\Program Files\HP\Digital Imaging\{C8A37F1F-E13B-48ae-93F8-4669264969F9}\setup\hpzscr01.exe -datfile hppscr08.dat -onestop -forcereboot HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3} il était une fois la Vie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96A6531E-CB48-4438-8E31-111D70AA8676}\setup.exe" Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe iTunes-->MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4} J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} J'apprends à lire avec Lapin Malin-->C:\Program Files\Mindscape\J'apprends à lire avec Lapin Malin\uninstall.exe La_Radio_Israelienne Toolbar-->C:\PROGRA~1\LA_RAD~1\UNWISE.EXE /U C:\PROGRA~1\LA_RAD~1\INSTALL.LOG LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate" LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206} LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2000 English Language Pack-->MsiExec.exe /I{002F0409-78E1-11D2-B60F-006097C998E7} Microsoft Office 2000 Professional-->MsiExec.exe /I{000104E7-78E1-11D2-B60F-006097C998E7} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe MSI 8624 Video Capture-->C:\WINDOWS\p3xunist.exe MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA} NATHAN Vacances CE1 V.1.00 (C:)-->"C:\Nathan Vacances CE1\Uninst.exe" NATHAN Vacances CE2 V.1.00 (C:)-->"C:\Nathan Vacances CE2\Uninst.exe" Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064} Philips TeleText-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70FDCCEE-E169-47DB-9D2A-2EF70377910E}\setup.exe" -l0x9 -uninst Photo Loader 3.0F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B45586-B51E-4947-A258-A895596C5CED}\Setup.exe" -uninst Photohands 1.0F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe" Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Responsa CD12-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\RESPON~1\Uninst.isu -cC:\PROGRA~1\RESPON~1\UNINST.DLL Responsa CD15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F94EE2C-CE83-4FB6-A934-99F93712298A}\SETUP.EXE" -l0x9 -uninst Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe" Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0 Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly SpeedCrunch 0.10-->"C:\Program Files\SpeedCrunch\unins000.exe" Studio de création numérique de Lapin Malin-->C:\Program Files\Mindscape\Studio de création numérique de Lapin Malin\uninstall.exe TV@Anywhere Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B893587-00A8-4A4E-83F0-8AFA7BFC7C1A}\setup.exe" -l0x9 TV@Anywhere Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{477AB148-138C-46D2-820B-0DBFA744CEE8}\setup.exe" -l0x9 -uninst Ulead COOL 360 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}\Setup.exe" -l0x40c -uninst Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x40c Ulead VideoStudio 7 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\Setup.exe" -l0x40c Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VGA USB Camera-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00} Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D} Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} WOW-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\wow250\Uninst.isu" ZVR_Plug_in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BA92B11-6FD5-4987-BB01-394152E266C8}\Setup.exe" -l0x9 Hosts File Missing ======System event log====== Computer Name: USER001 Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} Record Number: 3310 Source Name: DCOM Time Written: 20100104203821.000000+120 Event Type: error User: USER001\user Computer Name: USER001 Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} Record Number: 3309 Source Name: DCOM Time Written: 20100104203815.000000+120 Event Type: error User: USER001\user Computer Name: USER001 Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE} Record Number: 3308 Source Name: DCOM Time Written: 20100104203804.000000+120 Event Type: error User: USER001\user Computer Name: USER001 Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 3307 Source Name: W32Time Time Written: 20100103231437.000000+120 Event Type: warning User: Computer Name: USER001 Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 3291 Source Name: W32Time Time Written: 20091231231641.000000+120 Event Type: warning User: =====Application event log===== Computer Name: USER001 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.NSPI.Gen' in the file C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe Record Number: 71805 Source Name: Avira AntiVir Time Written: 20100428204536.000000+180 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: USER001 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.NSPI.Gen' in the file C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe Record Number: 71804 Source Name: Avira AntiVir Time Written: 20100428204531.000000+180 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: USER001 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.NSPI.Gen' in the file C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe Record Number: 71803 Source Name: Avira AntiVir Time Written: 20100428204525.000000+180 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: USER001 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.NSPI.Gen' in the file C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe Record Number: 71802 Source Name: Avira AntiVir Time Written: 20100428204520.000000+180 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: USER001 Event Code: 4113 Message: AntiVir has detected 'TR/Crypt.NSPI.Gen' in the file C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe Record Number: 71801 Source Name: Avira AntiVir Time Written: 20100428204515.000000+180 Event Type: warning User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ESTsoft\ALZip\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- *************************************************************************** Logfile of random's system information tool 1.07 (written by random/random) Run by user at 2010-05-10 21:56:56 Microsoft Windows XP Home Edition Service Pack 2 System drive C: has 27 GB (34%) free of 79 GB Total RAM: 511 MB (19% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:57:13 PM, on 5/10/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\WINDOWS\system32\Prismsvr.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\System\ipilrws.exe C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\user\temp\TeamViewer\Version5\TeamViewer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\user\Desktop\RSIT.exe C:\Program Files\trend micro\user.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /apply O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [egrrgdk] C:\Program Files\Common Files\System\ipilrws.exe O4 - HKLM\..\Run: [nqecmus] C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 14139 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\MP Scheduled Quick Scan.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2007-02-09 751144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-08 370296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e665cff-1135-4dfe-ac5f-8351d8a5c759}] La Radio Israelienne Toolbar - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll [2010-02-24 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-03 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-27 470512] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2005-09-24 231160] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-12 259696] {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - La Radio Israelienne Toolbar - C:\Program Files\La_Radio_Israelienne\tbLa_0.dll [2010-02-24 2349080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-13 344064] "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-05-13 32768] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160] "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648] "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-03-10 57393] "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-03-10 40960] "SetDefPrt"=C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe [2004-05-25 49152] "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968] "Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-19 45056] "PRISMSVR.EXE"=Prismsvr.exe /apply [] "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328] ""= [] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-04 267048] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-08-07 36972] "ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-01-10 53248] "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "egrrgdk"=C:\Program Files\Common Files\System\ipilrws.exe [2008-03-03 27344] "nqecmus"=C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [2008-03-03 27344] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-28 68856] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent] C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe [2005-04-29 748032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlowDownCPU] C:\WINDOWS\INF\MSI\SlowDownCPU\SlowDownCPU.exe [2005-02-25 208896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-08 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2005-10-24 307200] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE [2005-08-03 393216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spontania Monitor.lnk] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SPONTA~1\SPONTA~1.EXE [2005-11-14 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Remote Control.lnk] C:\PROGRA~1\MSI\TV@ANY~1\P3XRCtl.exe [2005-04-20 94208] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Supervision de Photo Loader.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-05-12 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveTypeAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\All Users\Application Data\Spontania4IM\spontaniavideo.exe"="C:\Documents and Settings\All Users\Application Data\Spontania4IM\spontaniavideo.exe:*:Enabled:Dialcom Spontania video4IM" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe"="C:\Program Files\HP\hp laserjet m1522\Fax Config utility1.exe:*:Enabled:HP Networked Printer Installer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a93e2e2-2609-11de-940d-0013d33b2f65}] shell\AutoRun\command - F:\nqecmus.exe shell\explore\command - F:\nqecmus.exe shell\open\command - F:\nqecmus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65227764-dcc1-11de-94e0-0013d33b2f65}] shell\AutoRun\command - F:\nqecmus.exe shell\explore\command - F:\nqecmus.exe shell\open\command - F:\nqecmus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9387c4e0-e1c0-11de-94e9-0013d33b2f65}] shell\AutoRun\command - nqecmus.exe shell\explore\command - nqecmus.exe shell\open\command - nqecmus.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7cad3ce-e804-11db-91be-0013d33b2f65}] shell\AutoRun\command - nqecmus.exe shell\explore\command - nqecmus.exe shell\open\command - nqecmus.exe ======List of files/folders created in the last 1 months====== 2010-05-10 21:56:55 ----D---- C:\rsit 2010-05-10 21:26:09 ----A---- C:\WINDOWS\isRS-000.tmp ======List of files/folders modified in the last 1 months====== 2010-05-10 21:57:13 ----D---- C:\Program Files\Trend Micro 2010-05-10 21:56:54 ----D---- C:\WINDOWS\Prefetch 2010-05-10 21:30:05 ----D---- C:\WINDOWS\Temp 2010-05-10 21:29:59 ----D---- C:\WINDOWS 2010-05-10 21:29:52 ----D---- C:\WINDOWS\system32\CatRoot2 2010-05-10 21:28:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-10 21:27:27 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-10 21:26:06 ----D---- C:\WINDOWS\system32\drivers 2010-05-07 10:14:45 ----A---- C:\WINDOWS\pex.INI 2010-05-07 09:30:47 ----A---- C:\WINDOWS\ULead32.ini 2010-05-05 09:01:53 ----D---- C:\Hamodia A3 2010-04-28 22:55:04 ----D---- C:\EDEN 2010-04-12 22:56:54 ----A---- C:\WINDOWS\NeroDigital.ini 2010-04-12 21:37:06 ----D---- C:\NIV ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-11 28520] R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS [] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2007-04-22 15781] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-12 1198080] R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-10-11 45056] R3 Cap713x;Philips Cap713x Video Capture; C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-05-04 686080] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-17 17432] R3 HPFXFAX;HPFXFAX; C:\WINDOWS\system32\drivers\hpfxfax.sys [2007-07-17 20504] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2002-12-27 98892] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-02 260288] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-20 15263] S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-12 51712] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 DCamUSBLTN;Kodak DVC325 Digital Video Camera; C:\WINDOWS\system32\DRIVERS\dvc325.sys [] S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 ovt519;VGA USB Camera; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-09-25 174530] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-04-08 349984] S3 RT73;D-Link USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504] S3 RushTopDevice;RushTopDevice; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\RushTop.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 SlowDownCPU;SlowDownCPU; \??\C:\WINDOWS\INF\MSI\SlowDownCPU\NTGLM7X.sys [] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152] R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-11 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-12 368640] R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-06 65536] R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344] R2 hpqddsvc;ùéøåú HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-21 45056] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-04 504104] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-05-13 516096] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-21 69632] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 182768] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- *****************************************************************************
-
Bonsoir thanos honte à moi, je ne t'ai pas contacté depuis des mois... j'ai supporté mon (mes?) virus tant bien que mal mais là, ça devient insupportable ! c'est par peur que je n'ai pas poursuivi la procédure de désinfection (c'est mon pc de travail) mais là, crois - moi, je suivrais ce que tu me diras !!! si tu es toujours d'accord pour m'aider voici les rapports hijackthis et rsit (celui malwarebyte va suivre) bonne soirée et merci encore ! cordialement
-
Pour un effacement de fichiers VRAIMENT efficace ...
fabou4 a répondu à un(e) sujet de fabou4 dans Optimisation, Trucs & Astuces
oui, tu as raison : on peux tout à fait EFFACER sans récuperer (c'est uniquement ce qui m'intéresse effectivement) -
Pour un effacement de fichiers VRAIMENT efficace ...
fabou4 a répondu à un(e) sujet de fabou4 dans Optimisation, Trucs & Astuces
bonsoir,Sacles un petit soucis avec la méthode recuva : lorsqu'on veut récupérer les fichiers, on ne peut le faire QUE sur un répertoire qu'on spécifie DONC pas sur le repertoire d'origine ! donc petit soucis pour lancer le gutman ... à la bonne place !!! à moins que j'aie pas vu une option ? -
Pour un effacement de fichiers VRAIMENT efficace ...
fabou4 a répondu à un(e) sujet de fabou4 dans Optimisation, Trucs & Astuces
à Sacles et Ticlou : merci, je n'y avais pas pensé ! le seul truc pénible c'est qu'il faut laisser RECUVA récupérer TOUS les fichiers (plusieurs heures pour mon pc!) ... pour mieux les effacer . bizarrre comme conception d'un effacement. mais si ça marche je retiens la technique juste pour ceux que ça interessent (si yen a) , j'ai aussi fait le test avec un 2e HD formaté : j'ai formaté en partition active, j'ai copié d'abord le fichier NTLDR en 1e, puis j'ai copié TOUS les autres fichiers de mon HD (depuis un live CD). ça a marché ... au 2e coup, je ne sais pas pourquoi (au 1e coup, j'avais un plantage sur l'écran d'accueil de XP alors j'ai transformé la partition en partition principale (pas marché) puis retransformé en partition active et là, ça a booté !!! pourquoi comment ? je sais pas) -
Pour un effacement de fichiers VRAIMENT efficace ...
fabou4 a répondu à un(e) sujet de fabou4 dans Optimisation, Trucs & Astuces
ah oui, dans mes tests déjà réalisés : j'ai fais un petit programme qui crée un fichier hexa rempli de zero (ou autre) jusqu'à saturation du HD ! sans succès toujours on dirait que les clusters où se trouvent les fichiers fantômes sont RESERVES ... (ie n'ont pas été libérés) -
Pour un effacement de fichiers VRAIMENT efficace ...
fabou4 a répondu à un(e) sujet de fabou4 dans Optimisation, Trucs & Astuces
merci pour votre réponse rapide ! pour ccleaner, déjà testé -> sans succès pour la méthode gutman -> ça , c'est plutôt pour effacer le fichier quand il est PRESENT sur le HD, mais dans mon cas (reste de fichier) je peux pas m'en servir, non ? -
Pour un effacement de fichiers VRAIMENT efficace ...
fabou4 a posté un sujet dans Optimisation, Trucs & Astuces
bonjour à tous Pour ne pas laisser de fichier jpg récupérable (après vidage de corbeille évidemment), j'ai testé/utilisé PLUSIEURS "effaceurs d'espace vide du HD" comme O&O SafeErase et R-Wipe. Malheureusement, les logiciels de récupération (davory, final data) arrivent TOUJOURS a récupérer des fichiers jpg de quelques Ko. j'ai aussi essayé une defragmentation, sans succès. Auriez vous une méthode efficace pour faire le ménage pour qu'il n'y ait plus aucun fichier de récupérable (jpg ou autre, d'ailleurs)? (j'avais pensé à recopier les fichiers de mon HD sur un HD tout propre (formaté) mais il y a un ordre à repecter pour que ce soit bootable, je suppose) -
bonjour à tous après avoir testé quelques logiciels de défragmentation, après voir testé quelques logiciels de nettoyage de l'espace libre de mon HD, il apparaît encore des petits fichiers JPG,PDF et autres qui sont TOUJOURS récupérables avec les softs de récupération. j'ai voulu faire d'une pierre deux coups : nettoyage ET defragmentation l"idée serait de recopier tous les fichiers d'un HD vers un HD VIERGE en copie fichier (pas en image disk , évidemment !) les problèmes : évidemment faut que le HD soit bootable, évidemment il doit y avoir un ordre de copie pour les fichiers de BOOT. est-ce que quelqu'un aurait une idée de mise en oeuvre ? j'ai aussi pensé à mettre un windows tout propre PUIS à copier les fichiers de l'ancien HD vers le nouveau mais là, y aura-t-il des pb de droit NTFS (surtout avec des dossiers genre systeme information ou recycled etc...) bref toute bonne idée complémentaire est la bienvenue ! merci et bonne fin d'année à tous !
-
bonsoir à tous j'ai une infection qui ne semble pas méchante (voir rapports ci-dessous) MAIS j'ai peur de lancer une désinfection via malwarebyte et/ou antivir car c'est mon ordinateur de travail et si jamais il plante, je suis foutu ! est-ce qu'un helpeur pourrait m'aider à désinfecter sans (trop de) risque ? je sais que le risque 0 n'existe pas mais là, j'ai peur ! MERCI BEAUCOUP !!! xxxxxxxxxxxxxxxxxxxxx HIJACKTHIS xxxxxxxxxxxxxxxxxxxxx Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:03:17 PM, on 12/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\WINDOWS\system32\Prismsvr.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\System\ipilrws.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\CASIO\Photo Loader\Plauto.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\user\temp\TeamViewer\Version5\TeamViewer.exe C:\Program Files\Trend Micro\HijackThis\toto3.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_1.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_1.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O3 - Toolbar: La Radio Israelienne Toolbar - {7e665cff-1135-4dfe-ac5f-8351d8a5c759} - C:\Program Files\La_Radio_Israelienne\tbLa_1.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /apply O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [egrrgdk] C:\Program Files\Common Files\System\ipilrws.exe O4 - HKLM\..\Run: [nqecmus] C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...indows-i586.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 14088 bytes ****************************** ANTIVIR **************************** Avira AntiVir Personal Report file date: Thursday, December 10, 2009 23:29 Scanning for 1429074 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 2) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : USER001 Version information: BUILD.DAT : 9.0.0.418 21723 Bytes 02/12/2009 16:28:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 19/11/2009 17:31:08 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:31:07 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 16:00:32 VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 16:00:33 VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 16:00:33 VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 16:00:33 VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 16:00:34 VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 16:00:34 VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 16:00:34 VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 16:00:34 VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 16:00:35 VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 16:00:35 VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 16:00:35 VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 16:00:36 VBASE013.VDF : 7.10.1.79 209920 Bytes 25/11/2009 16:00:00 VBASE014.VDF : 7.10.1.128 197632 Bytes 30/11/2009 19:15:26 VBASE015.VDF : 7.10.1.178 195584 Bytes 07/12/2009 16:44:02 VBASE016.VDF : 7.10.1.179 2048 Bytes 07/12/2009 16:44:02 VBASE017.VDF : 7.10.1.180 2048 Bytes 07/12/2009 16:44:03 VBASE018.VDF : 7.10.1.181 2048 Bytes 07/12/2009 16:44:03 VBASE019.VDF : 7.10.1.182 2048 Bytes 07/12/2009 16:44:03 VBASE020.VDF : 7.10.1.183 2048 Bytes 07/12/2009 16:44:03 VBASE021.VDF : 7.10.1.184 2048 Bytes 07/12/2009 16:44:03 VBASE022.VDF : 7.10.1.185 2048 Bytes 07/12/2009 16:44:04 VBASE023.VDF : 7.10.1.186 2048 Bytes 07/12/2009 16:44:04 VBASE024.VDF : 7.10.1.187 2048 Bytes 07/12/2009 16:44:04 VBASE025.VDF : 7.10.1.188 2048 Bytes 07/12/2009 16:44:04 VBASE026.VDF : 7.10.1.189 2048 Bytes 07/12/2009 16:44:04 VBASE027.VDF : 7.10.1.190 2048 Bytes 07/12/2009 16:44:04 VBASE028.VDF : 7.10.1.191 2048 Bytes 07/12/2009 16:44:04 VBASE029.VDF : 7.10.1.192 2048 Bytes 07/12/2009 16:44:05 VBASE030.VDF : 7.10.1.193 2048 Bytes 07/12/2009 16:44:05 VBASE031.VDF : 7.10.1.211 118784 Bytes 10/12/2009 16:44:18 Engineversion : 8.2.1.108 AEVDF.DLL : 8.1.1.2 106867 Bytes 15/09/2009 18:57:41 AESCRIPT.DLL : 8.1.3.2 582010 Bytes 10/12/2009 16:44:24 AESCN.DLL : 8.1.3.0 127348 Bytes 10/12/2009 16:44:21 AESBX.DLL : 8.1.1.1 246132 Bytes 19/11/2009 17:31:08 AERDL.DLL : 8.1.3.4 479605 Bytes 01/12/2009 19:15:45 AEPACK.DLL : 8.2.0.3 422261 Bytes 05/11/2009 18:04:55 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 21:06:03 AEHEUR.DLL : 8.1.0.186 2183544 Bytes 07/12/2009 16:44:12 AEHELP.DLL : 8.1.8.0 237942 Bytes 07/12/2009 16:44:01 AEGEN.DLL : 8.1.1.80 364917 Bytes 07/12/2009 16:44:00 AEEMU.DLL : 8.1.1.0 393587 Bytes 03/10/2009 21:29:01 AECORE.DLL : 8.1.9.1 180598 Bytes 10/12/2009 16:44:19 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 08/09/2009 17:30:42 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 13:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 11/06/2009 06:29:57 RCTEXT.DLL : 9.0.73.0 86785 Bytes 19/11/2009 17:31:05 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Start of the scan: Thursday, December 10, 2009 23:29 Starting search for hidden objects. '70316' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'Plauto.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'HPTLBXFX.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned Scan process 'acrotray.exe' - '1' Module(s) have been scanned Scan process 'PRISMSVR.exe' - '1' Module(s) have been scanned Scan process 'Monitor.exe' - '1' Module(s) have been scanned Scan process 'brctrcen.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned Scan process 'ANIWZCSdS.exe' - '1' Module(s) have been scanned Scan process 'SMax4.exe' - '1' Module(s) have been scanned Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned Scan process 'CLI.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'brss01a.exe' - '1' Module(s) have been scanned Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 57 processes with 57 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\Program Files\Common Files\System\ipilrws.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan The registry was scanned ( '79' files ). Starting the file scan: Begin scan in 'C:\' C:\Mupr_p.rar [0] Archive type: RAR --> Multi Password Recovery v1.1.6 Portable.exe [1] Archive type: RAR SFX (self extracting) --> MPR.exe [DETECTION] Is the TR/PSW.LdPinch.ahea Trojan C:\nqecmus.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Program Files\meex.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\Program Files\Common Files\System\ipilrws.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP110\A0020096.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020099.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020101.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020108.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020119.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020127.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020138.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP112\A0020261.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP113\A0020325.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP114\A0020339.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP115\A0020431.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP116\A0021431.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP117\A0022431.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP117\A0022511.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP118\A0022614.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP119\A0022633.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP119\A0022663.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP119\A0022671.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan Beginning disinfection: C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\Program Files\Common Files\System\ipilrws.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\Mupr_p.rar [WARNING] The file was ignored! C:\nqecmus.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\Program Files\meex.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\Program Files\Common Files\System\ipilrws.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP110\A0020096.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020099.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020101.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020108.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020119.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020127.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP111\A0020138.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP112\A0020261.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP113\A0020325.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP114\A0020339.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP115\A0020431.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP116\A0021431.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP117\A0022431.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP117\A0022511.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP118\A0022614.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP119\A0022633.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP119\A0022663.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{C5744E51-4545-442B-B279-7A1706D08E2C}\RP119\A0022671.exe [DETECTION] Is the TR/Crypt.NSPI.Gen Trojan [WARNING] The file was ignored! End of the scan: Friday, December 11, 2009 00:28 Used time: 58:51 Minute(s) The scan has been done completely. 7499 Scanned directories 255069 Files were scanned 26 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 0 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 255042 Files not concerned 5233 Archives were scanned 27 Warnings 1 Notes 70316 Objects were scanned with rootkit scan 0 Hidden objects were found ****************************** MALWAREBYTE **************************** Malwarebytes' Anti-Malware 1.42 Database version: 3350 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 12/12/2009 10:25:45 PM malwarebytes report Scan type: Quick Scan Objects scanned: 123222 Time elapsed: 24 minute(s), 45 second(s) Memory Processes Infected: 2 Memory Modules Infected: 0 Registry Keys Infected: 120 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: C:\Program Files\Common Files\System\ipilrws.exe (Malware.NSPack) -> No action taken. C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe (Malware.NSPack) -> No action taken. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appsvc32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastu3.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmonitor.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsvchst.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eghost.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filedsty.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftcleanershell.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fyfirewall.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmor.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ispwdsvc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kascrscn.scr (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastask.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavdx.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpfw.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsetup.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmfilter.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32x.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kregex.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.com (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksloader.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvcenter.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvdetect.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfwmcl.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp_1.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvreport.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvscan.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvsrvxp.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvstub.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp_1.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch9x.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatchx.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\magicset.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfw.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwliveupdate.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qhset.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctor.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqkav.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmond.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravstub.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravtask.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regclean.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsagent.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsaupd.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sreng.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syssafe.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojandetector.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojanwall.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojdie.kxp (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxagent.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxattachment.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxcfg.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxfwhlp.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxpol.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbcleaner.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wopticlean.exe (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Malware.NSPack) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Trojan.Agent) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\egrrgdk (Malware.NSPack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqecmus (Malware.NSPack) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Common Files\System\ipilrws.exe (Malware.NSPack) -> No action taken. C:\Program Files\Common Files\Microsoft Shared\lnnvkiq.exe (Malware.NSPack) -> No action taken. C:\Program Files\meex.exe (Malware.NSPack) -> No action taken. C:\autorun.inf (Malware.NSPack) -> No action taken. C:\nqecmus.exe (Malware.NSPack) -> No action taken. C:\WINDOWS\system32\sexit.dat (Trojan.Agent) -> No action taken.
-
un trojan dans Free Download Manager ???
fabou4 a répondu à un(e) sujet de fabou4 dans Analyses et éradication malwares
Bonjour THANOS, Ok, j'ai pu désinstaller "software informer server" par le panneau de configuration (je ne suis pas un habitué de Vista). Je te soumet à tout hasard les rapports RSIT. Merci bcp de m'avoir aidé et accompagné dans cette histoire. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-07-30.01) Microsoft® Windows Vista™ Édition Familiale Premium Boot Device: \Device\HarddiskVolume1 Install Date: 03/01/2009 07:43:32 System Uptime: 30/07/2009 16:47:59 (1 hours ago) Motherboard: Compal | | 30F4 Processor: Intel® Core2 Duo CPU P8600 @ 2.40GHz | CPU | 2401/1066mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 222 GiB total, 167,883 GiB free. D: is FIXED (NTFS) - 233 GiB total, 231,859 GiB free. E: is FIXED (NTFS) - 11 GiB total, 1,841 GiB free. F: is CDROM () H: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== ==== Installed Programs ====================== Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9 - Français Adobe Shockwave Player AOL Toolbar 5.0 ArcSoft PhotoStudio 5.5 Avira AntiVir Premium Canon MP Navigator EX 2.0 Canon Utilities Solution Menu CanoScan LiDE 200 Scanner Driver CCleaner (remove only) CDDRV_Installer CyberLink DVD Suite DigitalPersona Personal 3.1.0 ESU for Microsoft Vista Free Download Manager 2.5 build 758 Hewlett-Packard Active Check for Health Check Hewlett-Packard Asset Agent for Health Check HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP Help and Support HP LaserJet P1000 series HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP MediaSmart TV HP MediaSmart Webcam HP Quick Launch Buttons 6.40 H2 HP Total Care Advisor HP Update HP User Guides 0129 HP Wireless Assistant HPNetworkAssistant hppMSRedist hppusgP1000 HPSSupply HPTCSSetup IDT Audio Java 6 Update 13 Java 6 Update 7 JMicron JMB38X Flash Media Controller KhalInstallWrapper LabelPrint Logitech SetPoint Malwarebytes' Anti-Malware MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB929729) Microsoft .NET Framework 3.5 Language Pack SP1 - fra Microsoft .NET Framework 3.5 SP1 Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (French) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (French) 2007 Microsoft Office PowerPoint MUI (French) 2007 Microsoft Office PowerPoint Viewer 2007 (French) Microsoft Office Proof (Arabic) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (French) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (French) 2007 Microsoft Office Word MUI (French) 2007 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Mise à jour Microsoft Office Excel 2007 Help (KB963678) Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) Mise à jour Microsoft Office Word 2007 Help (KB963665) Module de compatibilité pour Microsoft Office System 2007 Module linguistique Microsoft .NET Framework 3.5 SP1- fra Mozilla Firefox (3.5.1) MrvlUsgTracking MSXML 4.0 SP2 (KB954430) muvee Reveal My HP Games Navilog1 3.7.4 Norton Internet Security NVIDIA Drivers PDFCreator PhotoNow! Power2Go PowerDirector ProtectSmart Hard Drive Protection Real Alternative 1.9.0 Realtek 8169 8168 8101E 8102E Ethernet Driver Secunia PSI Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) Skype web features Skype™ 4.1 SoftwareUpdate 1.0 SPORE Creature Creator Trial Edition Synaptics Pointing Device Driver TeamViewer 4 Update for 2007 Microsoft Office System (KB967642) Validity Sensors software VideoLAN VLC media player 0.8.6i Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) ==== End Of File =========================== DS (Ver_09-07-30.01) - NTFSx86 Run by albert at 17:53:33,63 on 30/07/2009 Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_13 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3069.1811 [GMT 2:00] SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\vfsFPService.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\HP\HP UT\bin\hppusg.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Windows\system32\taskeng.exe C:\Program Files\Secunia\PSI\psi.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\albert\Desktop\téléchargement\dds(2).pif C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.fr/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [software Informer] "c:\program files\software informer\softinfo.exe" -autorun uRun: [iSUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe" mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe" mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe" mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe" mRun: [uCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam" mRun: [smartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [<NO NAME>] mRun: [HPUsageTracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\" mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL LSP: c:\program files\avira\antivir desktop\avsda.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL LSA: Notification Packages = scecli DPPWDFLT ================= FIREFOX =================== FF - ProfilePath - c:\users\albert\appdata\roaming\mozilla\firefox\profiles\3f2rpa2g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\hewlett-packard\media\dvd\000.fcl [2008-9-26 59376] R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2009-1-3 77824] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-7-28 194817] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-7-28 108289] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-7-28 434945] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-22 365904] R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2008-12-15 185640] R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-9-24 296320] R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-9-24 116096] R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-9-16 599344] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-22 193840] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-4-29 54784] R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-1-3 3664384] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-8-6 44576] R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808] R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-9-16 40752] S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-21 100184] =============== Created Last 30 ================ 2009-07-28 22:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys 2009-07-28 22:19 <DIR> --d----- c:\programdata\Avira 2009-07-28 22:19 <DIR> --d----- c:\program files\Avira 2009-07-28 22:19 <DIR> --d----- c:\progra~2\Avira 2009-07-21 22:19 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2009-07-20 21:53 <DIR> --d----- c:\program files\Regsearch 2009-07-15 22:39 289,792 a------- c:\windows\system32\atmfd.dll 2009-07-15 22:39 156,672 a------- c:\windows\system32\t2embed.dll 2009-07-15 22:39 72,704 a------- c:\windows\system32\fontsub.dll 2009-07-15 22:39 23,552 a------- c:\windows\system32\lpk.dll 2009-07-15 22:39 10,240 a------- c:\windows\system32\dciman32.dll 2009-07-14 14:27 <DIR> --d--r-- c:\program files\Skype 2009-07-14 14:20 56 a---h--- c:\programdata\ezsidmv.dat 2009-07-14 14:20 56 a---h--- c:\progra~2\ezsidmv.dat 2009-07-14 14:16 <DIR> --d----- c:\programdata\Skype 2009-07-14 14:02 <DIR> --d----- c:\program files\CCleaner ==================== Find3M ==================== 2009-07-30 17:34 713,542 a------- c:\windows\system32\perfh00C.dat 2009-07-30 17:34 143,542 a------- c:\windows\system32\perfc00C.dat 2009-07-21 23:52 915,456 a------- c:\windows\system32\wininet.dll 2009-07-21 23:47 109,056 a------- c:\windows\system32\iesysprep.dll 2009-07-21 23:47 71,680 a------- c:\windows\system32\iesetup.dll 2009-07-21 22:13 133,632 a------- c:\windows\system32\ieUnatt.exe 2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-06-07 15:04 143,360 a------- c:\windows\inf\infstrng.dat 2009-06-07 15:04 86,016 a------- c:\windows\inf\infstor.dat 2009-06-07 15:04 51,200 a------- c:\windows\inf\infpub.dat 2009-06-07 14:57 665,600 a------- c:\windows\inf\drvindex.dat 2009-06-07 14:53 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf 2009-03-01 18:50 64,701 a------- c:\programdata\nvModes.dat 2009-03-01 18:50 64,701 a------- c:\progra~2\nvModes.dat 2008-10-22 14:34 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat 2008-10-22 14:34 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat 2008-10-22 14:34 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat 2008-10-22 14:34 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat 2008-10-02 14:52 218,480 a------- c:\programdata\SymUpdate.exe 2008-10-02 14:52 218,480 a------- c:\progra~2\SymUpdate.exe 2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini 2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat 2009-02-24 18:08 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat 2009-02-24 18:08 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat 2009-02-24 18:08 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat ============= FINISH: 17:53:51,08 ===============