
Trojan infection: iexplorer.exe


Yoman0


Hello everyone,

I became suspicious of a program that was running at Windows startup; I looked into it and my doubts were confirmed.

I think I know where it comes from. A few days ago (about ten), I downloaded a piece of software "illegally" from a trusted site (wawamania.eu, not to advertise it), and it contained a "crack" which unfortunately does not seem to be one. :outch: (I prefer to tell you and be honest; it will move things along faster.)

I currently have "Outpost Firewall Pro" (which I installed recently) and "Microsoft Security Essentials" (I wanted to try it; being free and new, it is quite interesting for a Microsoft product).

I tried several (amateur) actions to eliminate this virus:

Deleting the file: it is located at "C:\Users\Yo\AppData\Roaming\install\iexplorer.exe"; after deletion, it reappears instantly ^^

Killing the process: the process also comes back instantly.

Removing the auto-start entry: with TuneUp Utilities, but same result as the two previous ones...

With the "Outpost" firewall, I blocked all of its communication access (port blocking), so it should no longer send or receive data.

I have a fair amount of computer knowledge, but in this case I prefer to get expert advice to handle this security problem as well as possible.

Here is the HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:31:35, on 25/07/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Yo\AppData\Roaming\install\iexplorer.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mumble\mumble.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Users\Yo\Downloads\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mp3, mp3 download, download mp3 songs

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Chrome] C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - HKCU\..\Run: [Windows Live Mail] C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

O4 - HKCU\..\Run: [HKCU] C:\Users\Yo\AppData\Roaming\install\iexplorer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O4 - Global Startup: UltraMon.lnk = ?

O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 23450 bytes

 

 

 

Thanks in advance for your replies; I am at your disposal for any further information.

Edited by Thanos
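An added example, not part of the original post: a small Python triage of HijackThis `O4` (autorun) lines, run over lines copied from the log above, that flags Run entries whose target sits under `AppData\Roaming` or whose file name is one edit away from a well-known Windows binary. The list of known binaries and the two heuristics are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Windows binaries whose names are often imitated (illustrative list, an assumption).
KNOWN_BINARIES = {"explorer.exe", "iexplore.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}

# Lines copied from the HijackThis log in the post above (blank lines dropped).
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\Yo\AppData\Roaming\install\iexplorer.exe
O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Chrome] C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\Yo\AppData\Roaming\install\iexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
"""

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command line: either quoted, or everything up to the first ".exe".
EXE_RE = re.compile(r'"(?P<quoted>[^"]+)"|(?P<bare>.+?\.exe)\b', re.IGNORECASE)
# A bare path line from the "Running processes" section.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def target_path(cmd):
    """Return the executable path from an autorun command line, without arguments."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def reasons_for(path):
    """Heuristic reasons (possibly none) why an autorun target deserves a closer look."""
    reasons = []
    name = PureWindowsPath(path).name.lower()
    if "\\appdata\\roaming\\" in path.lower():
        reasons.append("autorun target sits in the user-writable AppData\\Roaming tree")
    if name not in KNOWN_BINARIES:
        close = sorted(k for k in KNOWN_BINARIES if edit_distance(name, k) == 1)
        if close:
            reasons.append("file name resembles " + ", ".join(close))
    return reasons


def triage(log_text):
    """Return one finding per flagged O4 entry, noting whether its target is running."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    running = {ln.lower() for ln in lines if PROC_RE.match(ln)}
    findings = []
    for ln in lines:
        m = O4_RE.match(ln)
        if not m:
            continue
        path = target_path(m.group("cmd"))
        reasons = reasons_for(path)
        if reasons:
            findings.append({
                "hive": m.group("hive"),
                "key": m.group("key"),
                "value": m.group("value"),
                "path": path,
                "running": path.lower() in running,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['hive']}\\..\\{f['key']} [{f['value']}] -> {f['path']}")
        print(f"  running now: {f['running']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

Chrome's per-user install under `AppData\Local` is deliberately not flagged, so the only hit on these lines is the `[HKCU]` Run value.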

Hi and welcome to the forum ;)

A few links to help you get started:

We are going to look together at what is happening on your PC; like everyone who helps here, we do so as volunteers, as our personal activities allow. We will try to move as quickly as possible, but you may sometimes need to be patient while waiting for a reply, no need to panic ;)

To reply or add a post, a report, etc., use the Add a reply button

*********

You did well to block the program with your firewall so that it cannot communicate over the network :)

1°) A small additional scan with a program that you will be able to keep: if you already have it, skip the installation step and go straight to the update >>

Download Malwarebytes' Anti-Malware (MBAM)

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update is finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it takes a relatively long time, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

2°) Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar).
  • If you do not see these two reports, you will find them in the C:\rsit folder

Please post the 3 reports.


Hello, thanks for your quick replies.

Indeed, the link for MBAM is dead, but I downloaded it from the official site (free version)

*********************

Here are the report files:

 

  • RSIT.exe

 


  1.  
  2. log.txt
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Yo at 2010-07-27 01:21:36
    Microsoft Windows 7 Édition Intégrale  
    System drive C: has 22 GB (37%) free of 59 GB
    Total RAM: 4094 MB (35% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:21:44, on 27/07/2010
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Windows\SysWOW64\explorer.exe
    C:\Users\Yo\AppData\Roaming\install\iexplorer.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
    C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Mumble\mumble.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Yo\Desktop\RSIT.exe
    C:\Program Files (x86)\trend micro\Yo.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
    O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [Google Chrome] C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
    O4 - HKCU\..\Run: [Windows Live Mail] C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    O4 - HKCU\..\Run: [HKCU] C:\Users\Yo\AppData\Roaming\install\iexplorer.exe
    O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
    O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
    O4 - Global Startup: UltraMon.lnk = ?
    O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe
    O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
    O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
    O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
    O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
    O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
    O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
    O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
    O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
    O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
    
    --
    End of file - 24661 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1007721139-29448798-3616368982-1001Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1007721139-29448798-3616368982-1001UA.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-05-26 448384]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
    "Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
    "Hercules DJ Series"=C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [2010-02-03 1297192]
    "BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
    "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    "AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-06-07 4176760]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
    "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
    "Google Chrome"=C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe [2010-06-29 945720]
    "Windows Live Mail"=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2010-06-07 92024]
    "HKCU"=C:\Users\Yo\AppData\Roaming\install\iexplorer.exe [2010-07-25 2502671]
    "ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico
    
    C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="c:\progra~1\outpos~1\wl_hook.dll"
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=credssp.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "ConsentPromptBehaviorAdmin"=0
    "ConsentPromptBehaviorUser"=0
    "EnableUIADesktopToggle"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=0
    "NoDriveAutoRun"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=1
    "NoActiveDesktopChanges"=1
    "ForceActiveDesktopOn"=0
    "NoDriveAutoRun"=0
    "NoDriveTypeAutoRun"=0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
    
    ======List of files/folders created in the last 1 months======
    
    2010-07-27 01:16:17 ----D---- C:\Program Files (x86)\trend micro
    2010-07-27 01:16:16 ----D---- C:\rsit
    2010-07-27 01:11:49 ----D---- C:\Users\Yo\AppData\Roaming\Malwarebytes
    2010-07-27 01:11:35 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
    2010-07-27 01:11:33 ----D---- C:\ProgramData\Malwarebytes
    2010-07-27 01:11:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-07-26 18:18:14 ----D---- C:\Users\Yo\AppData\Roaming\Beat Hazard
    2010-07-26 03:09:36 ----D---- C:\ProgramData\regid.1986-12.com.adobe
    2010-07-26 03:03:02 ----D---- C:\Program Files (x86)\Common Files\Akamai
    2010-07-26 03:00:46 ----D---- C:\Windows\SysWOW64\Macromed
    2010-07-26 03:00:25 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
    2010-07-26 02:27:41 ----A---- C:\UsbFix.txt
    2010-07-26 02:27:15 ----D---- C:\UsbFix
    2010-07-26 02:14:07 ----A---- C:\Windows\SysWOW64\DBCLIENT.DLL
    2010-07-26 02:14:06 ----D---- C:\Program Files (x86)\Common Files\Borland Shared
    2010-07-26 02:13:41 ----D---- C:\Program Files (x86)\ZebHelpProcess
    2010-07-23 19:37:12 ----D---- C:\ProgramData\Agnitum
    2010-07-23 14:12:55 ----D---- C:\Users\Yo\AppData\Roaming\Realtime Soft
    2010-07-23 14:12:48 ----D---- C:\Program Files (x86)\Common Files\Realtime Soft
    2010-07-23 14:12:47 ----D---- C:\ProgramData\Realtime Soft
    2010-07-23 03:11:44 ----D---- C:\Program Files (x86)\Fake Voice
    2010-07-22 23:39:19 ----D---- C:\ProgramData\Sun
    2010-07-22 23:39:15 ----D---- C:\Program Files (x86)\Common Files\Java
    2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\javaws.exe
    2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\javaw.exe
    2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\java.exe
    2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\deployJava1.dll
    2010-07-22 23:38:18 ----D---- C:\Program Files (x86)\Java
    2010-07-22 22:30:38 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
    2010-07-22 22:17:41 ----D---- C:\Program Files (x86)\FreeVPN
    2010-07-22 22:17:28 ----A---- C:\Users\Yo\AppData\Roaming\free.VPN by di-gi-mrc.exe
    2010-07-22 21:02:58 ----D---- C:\Users\Yo\AppData\Roaming\AutoHideIP
    2010-07-22 21:02:58 ----D---- C:\ProgramData\AutoHideIP
    2010-07-22 21:01:13 ----D---- C:\Program Files (x86)\AutoHideIP
    2010-07-22 14:53:44 ----A---- C:\Users\Yo\AppData\Roaming\AutoHideIP-4.6.7.2.Setup.exe
    2010-07-22 14:53:42 ----D---- C:\Program Files (x86)\Xenocode
    2010-07-21 13:51:34 ----A---- C:\Windows\SysWOW64\HDJAsiou.dll
    2010-07-21 13:51:34 ----A---- C:\Windows\SysWOW64\HDJAsioCpl.dll
    2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HRFDongle.dll
    2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HDJSAPI.dll
    2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HDJAPI.dll
    2010-07-21 13:50:56 ----D---- C:\Users\Yo\AppData\Roaming\InstallShield
    2010-07-20 12:22:21 ----D---- C:\Users\Yo\AppData\Roaming\vlc
    2010-07-20 12:21:46 ----D---- C:\Program Files (x86)\VideoLAN
    2010-07-20 12:21:05 ----D---- C:\Users\Yo\AppData\Roaming\ClickPotatoLite
    2010-07-20 12:21:05 ----D---- C:\ProgramData\ClickPotatoLiteSA
    2010-07-20 12:21:05 ----D---- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    2010-07-20 12:21:05 ----D---- C:\Program Files (x86)\ClickPotatoLite
    2010-07-20 02:08:01 ----D---- C:\Users\Yo\AppData\Roaming\FileZilla
    2010-07-20 02:05:57 ----D---- C:\Program Files (x86)\FileZilla FTP Client
    2010-07-19 13:36:34 ----RA---- C:\Windows\SysWOW64\LgExport.dll
    2010-07-19 13:36:34 ----RA---- C:\Windows\SysWOW64\LGDispDrv.dll
    2010-07-19 13:36:20 ----D---- C:\Program Files (x86)\LG Soft India
    2010-07-19 02:11:00 ----D---- C:\Program Files (x86)\CCleaner
    2010-07-18 14:13:58 ----D---- C:\ProgramData\Adobe
    2010-07-18 14:13:36 ----D---- C:\Program Files (x86)\Common Files\Adobe
    2010-07-18 14:13:36 ----D---- C:\Program Files (x86)\Adobe
    2010-07-18 14:08:33 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games
    2010-07-17 23:59:13 ----D---- C:\Users\Yo\AppData\Roaming\MessengerGadget
    2010-07-17 18:51:35 ----D---- C:\Users\Yo\AppData\Roaming\install
    2010-07-17 18:50:16 ----D---- C:\Program Files (x86)\VirtualDJ
    2010-07-17 16:46:15 ----D---- C:\Program Files (x86)\Common Files\Steam
    2010-07-17 14:35:33 ----D---- C:\Windows\PixArt
    2010-07-17 12:34:59 ----D---- C:\Windows\Minidump
    2010-07-17 04:32:37 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
    2010-07-17 04:32:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
    2010-07-17 04:32:36 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
    2010-07-17 04:32:35 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
    2010-07-17 04:32:35 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
    2010-07-17 04:32:34 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
    2010-07-17 04:32:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
    2010-07-17 04:32:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
    2010-07-17 04:32:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
    2010-07-17 04:32:31 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
    2010-07-17 04:32:30 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
    2010-07-17 04:32:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
    2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
    2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
    2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
    2010-07-17 04:32:28 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
    2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
    2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
    2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
    2010-07-17 04:32:26 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
    2010-07-14 21:12:45 ----D---- C:\Program Files (x86)\OCCT
    2010-07-10 03:19:48 ----D---- C:\Program Files (x86)\MSXML 4.0
    2010-07-09 21:04:40 ----A---- C:\Windows\SysWOW64\xfcodec.dll
    2010-07-09 17:23:23 ----D---- C:\ProgramData\Age of Empires 3
    2010-07-09 16:59:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
    2010-07-09 16:59:14 ----D---- C:\Users\Yo\AppData\Roaming\DAEMON Tools Lite
    2010-07-09 16:59:12 ----D---- C:\ProgramData\DAEMON Tools Lite
    2010-07-09 02:15:10 ----D---- C:\Users\Yo\AppData\Roaming\Notepad++
    2010-07-08 14:42:19 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe
    2010-07-08 03:58:27 ----A---- C:\Windows\SysWOW64\msv1_0.dll
    2010-07-08 03:47:21 ----D---- C:\Windows\SysWOW64\Wat
    2010-07-08 03:30:53 ----D---- C:\Program Files (x86)\Microsoft.NET
    2010-07-08 03:29:18 ----HD---- C:\Windows\Icons
    2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
    2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
    2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\netfxperf.dll
    2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\mscoree.dll
    2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\dfshim.dll
    2010-07-08 03:13:19 ----A---- C:\Windows\SysWOW64\asycfilt.dll
    2010-07-08 03:13:00 ----A---- C:\Windows\SysWOW64\ntdll.dll
    2010-07-08 03:12:47 ----A---- C:\Windows\SysWOW64\vbscript.dll
    2010-07-08 03:12:45 ----A---- C:\Windows\SysWOW64\wmp.dll
    2010-07-08 03:12:44 ----A---- C:\Windows\SysWOW64\wmploc.DLL
    2010-07-08 03:12:44 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
    2010-07-08 03:12:29 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
    2010-07-08 03:12:28 ----A---- C:\Windows\SysWOW64\secproc.dll
    2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
    2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\RMActivate.exe
    2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
    2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
    2010-07-08 03:12:11 ----A---- C:\Windows\SysWOW64\inetcomm.dll
    2010-07-08 03:12:01 ----A---- C:\Windows\SysWOW64\t2embed.dll
    2010-07-08 03:11:51 ----A---- C:\Windows\SysWOW64\explorer.exe
    2010-07-08 03:11:51 ----A---- C:\Windows\explorer.exe
    2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\wow32.dll
    2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\user.exe
    2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\setup16.exe
    2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
    2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\instnm.exe
    2010-07-08 03:11:30 ----A---- C:\Windows\SysWOW64\CPFilters.dll
    2010-07-08 03:11:28 ----A---- C:\Windows\SysWOW64\psisdecd.dll
    2010-07-08 03:11:22 ----A---- C:\Windows\SysWOW64\quartz.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msyuv.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msvidc32.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msrle32.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\mciavi32.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
    2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\avifil32.dll
    2010-07-08 03:11:18 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
    2010-07-08 03:11:18 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
    2010-07-08 03:11:13 ----A---- C:\Windows\SysWOW64\jscript.dll
    2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\sspicli.dll
    2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\shell32.dll
    2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\secur32.dll
    2010-07-08 03:10:58 ----A---- C:\Windows\SysWOW64\msasn1.dll
    2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\fontsub.dll
    2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\atmlib.dll
    2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\atmfd.dll
    2010-07-08 03:10:54 ----A---- C:\Windows\SysWOW64\tzres.dll
    2010-07-08 03:10:49 ----A---- C:\Windows\SysWOW64\mshtml.dll
    2010-07-08 03:10:48 ----A---- C:\Windows\SysWOW64\ieframe.dll
    2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\wininet.dll
    2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\urlmon.dll
    2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\mstime.dll
    2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
    2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
    2010-07-08 03:10:45 ----A---- C:\Windows\SysWOW64\jsproxy.dll
    2010-07-08 02:39:56 ----D---- C:\ProgramData\Futuremark
    2010-07-08 02:36:21 ----D---- C:\Users\Yo\AppData\Roaming\Windows Live Writer
    2010-07-08 02:30:22 ----D---- C:\Program Files (x86)\Windows Live
    2010-07-08 02:30:08 ----D---- C:\Windows\PCHEALTH
    2010-07-08 02:28:47 ----D---- C:\Program Files (x86)\Microsoft Silverlight
    2010-07-08 02:28:26 ----D---- C:\Program Files (x86)\Microsoft
    2010-07-08 02:27:51 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
    2010-07-08 02:27:51 ----A---- C:\Windows\SysWOW64\mf.dll
    2010-07-08 02:27:48 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
    2010-07-08 02:26:19 ----D---- C:\Program Files (x86)\Common Files\Windows Live
    2010-07-08 02:19:54 ----D---- C:\Program Files (x86)\Common Files\Futuremark Shared
    2010-07-08 02:18:50 ----D---- C:\Program Files (x86)\Futuremark
    2010-07-08 02:18:33 ----D---- C:\Windows\SysWOW64\AGEIA
    2010-07-08 02:18:31 ----D---- C:\Program Files (x86)\AGEIA Technologies
    2010-07-08 02:18:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
    2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
    2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
    2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
    2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
    2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
    2010-07-08 02:18:19 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
    2010-07-08 02:18:16 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
    2010-07-08 02:18:15 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
    2010-07-08 02:18:15 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
    2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
    2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
    2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
    2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
    2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
    2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
    2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
    2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
    2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
    2010-07-08 02:18:11 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
    2010-07-08 02:18:11 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
    2010-07-08 02:18:10 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
    2010-07-08 02:18:10 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
    2010-07-08 02:18:09 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
    2010-07-08 02:18:08 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
    2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
    2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
    2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\d3dx10.dll
    2010-07-08 02:18:02 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
    2010-07-08 02:18:02 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
    2010-07-08 02:18:01 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
    2010-07-08 02:18:00 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
    2010-07-08 02:17:59 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
    2010-07-08 02:17:59 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
    2010-07-08 02:17:58 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
    2010-07-08 02:17:57 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
    2010-07-08 02:17:47 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
    2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
    2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
    2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
    2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
    2010-07-08 02:17:42 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
    2010-07-08 02:17:41 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
    2010-07-08 02:17:41 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
    2010-07-08 02:17:39 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
    2010-07-08 02:12:43 ----A---- C:\Windows\SysWOW64\uxtuneup.dll
    2010-07-08 02:12:43 ----A---- C:\Windows\SysWOW64\authuitu.dll
    2010-07-08 02:12:31 ----D---- C:\Users\Yo\AppData\Roaming\TuneUp Software
    2010-07-08 02:12:25 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010
    2010-07-08 02:12:05 ----D---- C:\ProgramData\TuneUp Software
    2010-07-08 02:12:00 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-07-08 02:01:16 ----A---- C:\Windows\gdrv.sys
    2010-07-08 01:58:55 ----D---- C:\Program Files (x86)\Microsoft Antimalware
    2010-07-08 01:27:36 ----D---- C:\Program Files (x86)\EVEREST Ultimate Edition
    2010-07-08 01:05:42 ----D---- C:\Windows\SysWOW64\RTCOM
    2010-07-08 01:04:57 ----D---- C:\Program Files (x86)\Realtek
    2010-07-08 01:04:54 ----HD---- C:\Program Files (x86)\Temp
    2010-07-08 01:04:52 ----R---- C:\Windows\RtlExUpd.dll
    2010-07-08 01:04:44 ----D---- C:\Users\Yo\AppData\Roaming\ATI
    2010-07-08 01:04:44 ----D---- C:\ProgramData\ATI
    2010-07-08 01:04:28 ----D---- C:\Windows\Panther
    2010-07-08 01:00:58 ----RA---- C:\Windows\SysWOW64\CSVer.dll
    2010-07-08 01:00:58 ----D---- C:\Program Files (x86)\Intel
    2010-07-08 01:00:44 ----D---- C:\Intel
    2010-07-08 01:00:23 ----HD---- C:\Program Files (x86)\DeviceVM
    2010-07-08 00:56:12 ----D---- C:\ProgramData\InstallShield
    2010-07-08 00:56:09 ----D---- C:\Program Files (x86)\Gigabyte
    2010-07-08 00:56:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
    2010-07-08 00:55:51 ----D---- C:\Program Files (x86)\Common Files\InstallShield
    2010-07-08 00:54:49 ----A---- C:\Windows\IsUninst.exe
    2010-07-08 00:54:25 ----D---- C:\Program Files (x86)\Common Files\ATI Technologies
    2010-07-08 00:54:24 ----D---- C:\Program Files (x86)\ATI
    2010-07-08 00:53:39 ----D---- C:\Program Files (x86)\ATI Technologies
    2010-07-08 00:50:36 ----D---- C:\ATI
    2010-07-08 00:50:18 ----A---- C:\Windows\GSetup.ini
    2010-07-08 00:33:40 ----D---- C:\Users\Yo\AppData\Roaming\Xfire
    2010-07-08 00:33:39 ----D---- C:\ProgramData\Xfire
    2010-07-08 00:33:38 ----D---- C:\Program Files (x86)\Xfire
    2010-07-08 00:21:00 ----D---- C:\Users\Yo\AppData\Roaming\Mumble
    2010-07-08 00:20:49 ----D---- C:\Program Files (x86)\Mumble
    2010-07-08 00:20:23 ----D---- C:\Users\Yo\AppData\Roaming\Macromedia
    2010-07-08 00:20:23 ----D---- C:\Users\Yo\AppData\Roaming\Adobe
    2010-07-08 00:18:26 ----D---- C:\Program Files (x86)\Adobe Photoshop CS4
    2010-07-08 00:18:22 ----D---- C:\Program Files (x86)\Xtremsplit 1.2
    2010-07-08 00:18:22 ----A---- C:\Windows\SysWOW64\wintrust.dll
    2010-07-08 00:18:06 ----A---- C:\Windows\SysWOW64\cabview.dll
    2010-07-08 00:17:39 ----SHD---- C:\Windows\Installer
    2010-07-08 00:17:33 ----D---- C:\Program Files (x86)\Notepad++
    2010-07-08 00:17:27 ----A---- C:\WPI_Log_2010.07.08_00.17.27.txt
    2010-07-08 00:15:49 ----AD---- C:\WPI_Audio
    2010-07-08 00:15:29 ----A---- C:\WPI_Log_2010.07.08_00.15.29.txt
    2010-07-08 00:14:28 ----D---- C:\Users\Yo\AppData\Roaming\Identities
    2010-07-08 00:13:25 ----SD---- C:\Users\Yo\AppData\Roaming\Microsoft
    2010-07-08 00:13:25 ----D---- C:\Users\Yo\AppData\Roaming\Media Center Programs
    2010-07-08 00:12:52 ----SHD---- C:\Recovery
    2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Modèles
    2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Menu Démarrer
    2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Favoris
    2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Bureau
    2010-07-08 00:08:32 ----D---- C:\Windows\SoftwareDistribution
    2010-07-08 00:05:38 ----D---- C:\Windows\Prefetch
    2010-07-08 00:05:18 ----ASH---- C:\pagefile.sys
    2010-07-08 00:05:16 ----SHD---- C:\System Volume Information
    2010-07-08 00:05:16 ----ASH---- C:\hiberfil.sys
    
    ======List of files/folders modified in the last 1 months======
    
    2010-07-27 01:21:43 ----D---- C:\Windows\Temp
    2010-07-27 01:16:17 ----RD---- C:\Program Files (x86)
    2010-07-27 01:11:35 ----D---- C:\Windows\SysWOW64\drivers
    2010-07-27 01:11:33 ----HD---- C:\ProgramData
    2010-07-26 12:02:47 ----SHD---- C:\$Recycle.Bin
    2010-07-26 12:01:21 ----RSD---- C:\Windows\Fonts
    2010-07-26 04:37:14 ----D---- C:\Windows\SysWOW64
    2010-07-26 03:03:26 ----D---- C:\Windows\winsxs
    2010-07-26 03:03:02 ----D---- C:\Program Files (x86)\Common Files
    2010-07-23 19:40:58 ----D---- C:\Windows\inf
    2010-07-23 19:38:10 ----D---- C:\Windows
    2010-07-23 19:37:37 ----RD---- C:\Program Files
    2010-07-23 19:37:37 ----D---- C:\Windows\System32
    2010-07-19 13:09:50 ----A---- C:\Windows\win.ini
    2010-07-19 02:12:15 ----D---- C:\Windows\debug
    2010-07-17 14:35:33 ----D---- C:\Windows\twain_32
    2010-07-17 04:31:48 ----RSD---- C:\Windows\assembly
    2010-07-17 04:28:17 ----D---- C:\Windows\Logs
    2010-07-14 00:42:10 ----SD---- C:\ProgramData\Microsoft
    2010-07-08 11:47:38 ----D---- C:\Program Files (x86)\Windows Mail
    2010-07-08 07:56:57 ----D---- C:\Windows\rescache
    2010-07-08 04:20:26 ----D---- C:\Windows\Microsoft.NET
    2010-07-08 03:47:34 ----D---- C:\Program Files (x86)\Windows Media Player
    2010-07-08 03:47:30 ----D---- C:\Windows\AppPatch
    2010-07-08 03:47:21 ----D---- C:\Windows\ehome
    2010-07-08 03:47:13 ----D---- C:\Program Files (x86)\Internet Explorer
    2010-07-08 03:47:10 ----D---- C:\Windows\SysWOW64\fr-FR
    2010-07-08 03:47:08 ----D---- C:\Windows\SysWOW64\migration
    2010-07-08 03:30:54 ----D---- C:\Windows\SysWOW64\en-US
    2010-07-08 02:36:31 ----D---- C:\Windows\LiveKernelReports
    2010-07-08 02:29:26 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
    2010-07-08 01:03:58 ----D---- C:\Windows\Setup
    2010-07-08 00:56:08 ----D---- C:\Windows\Downloaded Program Files
    2010-07-08 00:19:28 ----D---- C:\Windows\Tasks
    2010-07-08 00:13:21 ----RD---- C:\Users
    2010-07-08 00:06:15 ----D---- C:\Windows\CSC
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
    R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
    R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys []
    R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
    R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
    R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox64.sys []
    R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []
    R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []
    R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys []
    R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
    R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys []
    R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
    R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
    R3 ASWFilt;ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt64.dll []
    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
    R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys []
    R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-26 25640]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
    R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
    R3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS []
    R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
    R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
    R3 vpcbus;Service de bus hôte Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys []
    R3 vpcusb;Service du connecteur de virtualisation USB; C:\Windows\system32\DRIVERS\vpcusb.sys []
    S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
    S3 azjk9k63;azjk9k63; C:\Windows\SysWOW64\drivers\azjk9k63.sys []
    S3 Bulk;HDJBulk; C:\Windows\System32\Drivers\HDJBulk.sys []
    S3 cpuz130;cpuz130; \??\C:\Users\Yo\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
    S3 HDJAsioK;HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys []
    S3 HDJMidi;Hercules DJ Console Rmx MIDI; C:\Windows\system32\DRIVERS\HDJMidi.sys []
    S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2009-04-24 14336]
    S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-04-24 18432]
    S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
    S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
    S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
    S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
    S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
    S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\OUTPOS~1\acs.exe [2009-12-17 2373280]
    R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
    R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
    R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe [2009-07-30 68136]
    R2 HerculesDJControlMP3;Hercules DJ Control MP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
    R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-08 75064]
    R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-07-26 214816]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-07-06 1403200]
    R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-05-26 2290048]
    R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-06-17 395048]
    S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-07-08 607040]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
    S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
    
    -----------------EOF-----------------

  3. info.txt
    info.txt logfile of random's system information tool 1.08 2010-07-27 01:16:51
    
    ======Uninstall list======
    
    @BIOS Ver.2.06-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9  -removeonly
    -->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    3DMark Vantage-->"C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
    Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
    Adobe Dreamweaver CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"
    Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{3EB745BA-194F-4475-9164-B20BB2172395}"
    Adobe Reader 9.3.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
    Age of Empires III - The WarChiefs-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710} 
    Age of Empires III-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5} 
    AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    Akamai NetSession Interface-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe
    ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
    Auto Hide IP-->"C:\Program Files (x86)\AutoHideIP\uninst.exe"
    Browser Configuration Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{5B363E1D-8C36-4458-BAE4-D5081999E094}\setup.exe" -runfromtemp -l0x040c -removeonly
    Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
    Catalyst Control Center - Branding-->MsiExec.exe /I{87323561-58BA-4D5B-BADA-A791B69D1705}
    CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
    ClickPotato-->"C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteUninstaller.exe" Web
    D3DX10-->MsiExec.exe /X{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}
    DMIView B8.0717.01-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9  -removeonly
    Energy Saver Advance B9.0730.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9  -removeonly
    EVEREST Ultimate Edition v5.50-->"C:\Program Files (x86)\EVEREST Ultimate Edition\unins000.exe"
    Fake Voice 2.0.0-->"C:\Program Files (x86)\Fake Voice\unins000.exe"
    FileZilla Client 3.3.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
    forteManager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c  -removeonly
    FreeVPN v3.22-->"C:\Program Files (x86)\FreeVPN\unins000.exe"
    Futuremark SystemInfo-->"C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Hercules DJ Products Series drivers-->C:\Program Files (x86)\InstallShield Installation Information\{33999F1F-EA46-4E55-A239-1BA803235396}\setup.exe -runfromtemp -l0x040c -removeonly
    Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
    Junk Mail filter update-->MsiExec.exe /I{11EFF057-8ED2-4321-A19D-D673DECB36CC}
    Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
    Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
    Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
    Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
    Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
    Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
    Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
    MSVCRT_amd64-->MsiExec.exe /I{6917F87D-921D-4EFA-9AA5-8CDEA9E28520}
    MSVCRT-->MsiExec.exe /I{035C76D2-7D8E-484D-8CA3-686C0B474A2B}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe
    Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
    OCCT Perestroika 3.1.0-->"C:\Program Files (x86)\OCCT\unins000.exe"
    PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
    Realtek Ethernet Controller  Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE"  -removeonly
    The Lord of the Rings FREE Trial -->MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
    TuneUp Utilities-->C:\Program Files (x86)\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
    Usbfix By C_XX & El Desaparecido-->"C:\Usbfix\Un-Usbfix.exe"
    Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG
    VLC media player 1.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    Windows Live Bêta-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
    Windows Live Bêta-->MsiExec.exe /I{231E4621-2428-405D-A7A4-8EB93486BAC7}
    Windows Live Communications Platform-->MsiExec.exe /I{FA5D1C9E-154D-49B1-8CF0-DF5FAB6171EA}
    Windows Live Installer-->MsiExec.exe /I{46BAF2A0-3789-4E49-B000-4BB64426D1BF}
    Windows Live Mail-->MsiExec.exe /I{2607FE6B-1D61-46E5-A544-54666B0EF908}
    Windows Live Mail-->MsiExec.exe /I{795851D4-BA00-4965-B2A8-94AA9C7C2789}
    Windows Live Messenger-->MsiExec.exe /X{2578D94A-A88A-4643-9DAA-F0A5E981EB04}
    Windows Live Messenger-->MsiExec.exe /X{8D73EFE7-ED6F-49C6-9685-C712A00F8DDD}
    Windows Live Photo Common Beta-->MsiExec.exe /X{15643FB9-1509-44B2-A8CD-9868CB804A5B}
    Windows Live Photo Common-->MsiExec.exe /X{61E7F654-7D99-4C69-94D8-DF53E297AF9B}
    Windows Live PIMT Platform-->MsiExec.exe /I{B5BD2B33-FDB8-4DE5-87B3-2810CAF4A6E4}
    Windows Live SOXE Definitions-->MsiExec.exe /I{74B0BEB0-2EB3-448F-B8E9-40983BC902E1}
    Windows Live SOXE-->MsiExec.exe /I{EFBE9DAB-9C80-4911-847B-2A2C25E8F9CB}
    Windows Live UX Platform Language Pack-->MsiExec.exe /I{59AFDB2C-9A14-404E-8574-B4BDAEFD13CF}
    Windows Live UX Platform-->MsiExec.exe /I{6592C2B8-949A-4C88-BCB9-0990A218B215}
    Windows Live Writer Resources-->MsiExec.exe /X{62D14F31-92AF-4854-B9C9-C08F7F557F84}
    Windows Live Writer-->MsiExec.exe /X{EE338AB8-4E85-4C04-AC07-1357A266DD35}
    Wolfenstein - Enemy Territory-->G:\WOLFEN~2\Uninstall\Unwise.exe /u G:\WOLFEN~2\Uninstall\Install.log
    Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
    Xtremsplit 1.2-->C:\Program Files (x86)\Xtremsplit 1.2\Uninstal.exe
    ZebHelpProcess 2.36-->"C:\Program Files (x86)\ZebHelpProcess\unins000.exe"
    
    ======Hosts File======
    
    127.0.0.1       localhost
    ::1             localhost
    127.0.0.1 		activate.adobe.com
    
    ======System event log======
    
    Computer Name: Yo-PC
    Event Code: 52236
    Message: CPLIB :: General - Invalid Parameter
    Record Number: 670
    Source Name: atikmdag
    Time Written: 20100707223205.600826-000
    Event Type: Erreur
    User: 
    
    Computer Name: Yo-PC
    Event Code: 43029
    Message: Display is not active
    Record Number: 558
    Source Name: atikmdag
    Time Written: 20100707222201.577235-000
    Event Type: Erreur
    User: 
    
    Computer Name: Yo-PC
    Event Code: 52236
    Message: CPLIB :: General - Invalid Parameter
    Record Number: 557
    Source Name: atikmdag
    Time Written: 20100707222201.577235-000
    Event Type: Erreur
    User: 
    
    Computer Name: Yo-PC
    Event Code: 43029
    Message: Display is not active
    Record Number: 494
    Source Name: atikmdag
    Time Written: 20100707221908.265671-000
    Event Type: Erreur
    User: 
    
    Computer Name: Yo-PC
    Event Code: 52236
    Message: CPLIB :: General - Invalid Parameter
    Record Number: 493
    Source Name: atikmdag
    Time Written: 20100707221908.265671-000
    Event Type: Erreur
    User: 
    
    =====Application event log=====
    
    Computer Name: Yo-PC
    Event Code: 1000
    Message: 
    Record Number: 275
    Source Name: Microsoft-Windows-User Profiles General
    Time Written: 20100707224308.000000-000
    Event Type: Erreur
    User: 
    
    Computer Name: Yo-PC
    Event Code: 1000
    Message: 
    Record Number: 274
    Source Name: Microsoft-Windows-User Profiles General
    Time Written: 20100707224308.000000-000
    Event Type: Erreur
    User: 
    
    Computer Name: Yo-PC
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. 
    
    DÉTAIL - 
    1 user registry handles leaked from \Registry\User\S-1-5-21-1007721139-29448798-3616368982-1001:
    Process 456 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1007721139-29448798-3616368982-1001
    
    Record Number: 217
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20100707221924.711908-000
    Event Type: Avertissement
    User: AUTORITE NT\Système
    
    Computer Name: Yo-PC
    Event Code: 1008
    Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}. 
    
    Record Number: 99
    Source Name: Microsoft-Windows-Search
    Time Written: 20100707221254.000000-000
    Event Type: Avertissement
    User: 
    
    Computer Name: Yo-PC
    Event Code: 11
    Message: Fuite de mémoire possible.  L’application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID : 296) a transmis un pointeur non NULL à RPC pour un paramètre [out] marqué [allocate(all_nodes)].  Les paramètres [allocate(all_nodes)] sont toujours réaffectés ; si le pointeur initial contenait une adresse mémoire valide, cela entraînerait une fuite de cette mémoire.  L’appel provenait de l’interface avec l’UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Numéro de méthode (20).  Action utilisateur : contactez le fournisseur de l’application pour obtenir une version mise à jour.
    Record Number: 98
    Source Name: Microsoft-Windows-RPC-Events
    Time Written: 20100707221240.247051-000
    Event Type: Avertissement
    User: AUTORITE NT\SERVICE LOCAL
    
    =====Security event log=====
    
    Computer Name: 37L4247E29-32
    Event Code: 4735
    Message: Un groupe local dont la sécurité est activée a été modifié.
    
    Sujet :
    ID de sécurité :		S-1-5-18
    Nom du compte :		37L4247E29-32$
    Domaine du compte :		WORKGROUP
    ID d’ouverture de session :		0x3e7
    
    Groupe :
    ID de sécurité :		S-1-5-32-551
    Nom du groupe :		Opérateurs de sauvegarde
    Domaine du groupe :		Builtin
    
    Attributs modifiés :
    Nom du compte SAM :	-
    Historique SID :		-
    
    Informations supplémentaires :
    Privilèges :		-
    Record Number: 5
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100707220543.813284-000
    Event Type: Succès de l’audit
    User: 
    
    Computer Name: 37L4247E29-32
    Event Code: 4731
    Message: Un groupe local dont la sécurité est activée a été créé.
    
    Sujet :
    ID de sécurité :		S-1-5-18
    Nom du compte :		37L4247E29-32$
    Domaine du compte :		WORKGROUP
    ID d’ouverture de session :		0x3e7
    
    Nouveau groupe :
    ID de sécurité :		S-1-5-32-551
    Nom du groupe :		Opérateurs de sauvegarde
    Domaine du groupe :		Builtin
    
    Attributs :
    Nom du compte SAM :	Opérateurs de sauvegarde
    Historique SID :		-
    
    Informations supplémentaires :
    Privilèges :		-
    Record Number: 4
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100707220543.797684-000
    Event Type: Succès de l’audit
    User: 
    
    Computer Name: 37L4247E29-32
    Event Code: 4902
    Message: La table de stratégie d’audit par utilisateur a été créée.
    
    Nombre d’éléments :	0
    ID de la stratégie :	0x2f7c5
    Record Number: 3
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100707220542.861683-000
    Event Type: Succès de l’audit
    User: 
    
    Computer Name: 37L4247E29-32
    Event Code: 4624
    Message: L’ouverture de session d’un compte s’est correctement déroulée.
    
    Sujet :
    ID de sécurité :		S-1-0-0
    Nom du compte :		-
    Domaine du compte :		-
    ID d’ouverture de session :		0x0
    
    Type d’ouverture de session :			0
    
    Nouvelle ouverture de session :
    ID de sécurité :		S-1-5-18
    Nom du compte :		Système
    Domaine du compte :		AUTORITE NT
    ID d’ouverture de session :		0x3e7
    GUID d’ouverture de session :		{00000000-0000-0000-0000-000000000000}
    
    Informations sur le processus :
    ID du processus :		0x4
    Nom du processus :		
    
    Informations sur le réseau :
    Nom de la station de travail :	-
    Adresse du réseau source :	-
    Port source :		-
    
    Informations détaillées sur l’authentification :
    Processus d’ouverture de session :		-
    Package d’authentification :	-
    Services en transit :	-
    Nom du package (NTLM uniquement) :	-
    Longueur de la clé :		0
    
    Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.
    
    Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
    
    Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
    
    Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.
    
    Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.
    
    Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
    - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
    - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
    - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
    - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
    Record Number: 2
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100707220538.727675-000
    Event Type: Succès de l’audit
    User: 
    
    Computer Name: 37L4247E29-32
    Event Code: 4608
    Message: Windows démarre.
    
    Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
    Record Number: 1
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20100707220538.556075-000
    Event Type: Succès de l’audit
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
    "NUMBER_OF_PROCESSORS"=4
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
    "PROCESSOR_REVISION"=0f0b
    
    -----------------EOF-----------------
    
    


 

  • MBAM

 

  • mbam-log-2010-07-27 (03-33-20).txt

 

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4356

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/07/2010 03:39:47
mbam-log-2010-07-27 (03-39-47).txt

Type d'examen: Examen complet (C:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 497486
Temps écoulé: 2 heure(s), 17 minute(s), 34 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Yo\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSAHook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Yo\Downloads\VLCSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
F:\Keygen all product Sony\Keygen all product Sony\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
F:\Photoshop 7.0\Clone CD 4\CloneCD.v4.0.0.1.Keygen.Only-TMG\Clonecd4.0.0.1kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
F:\TuneUp Utilities 2010 - 9.0.4200.55\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
H:\Mes fichiers reçus\apf_alc\crack\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Mes téléchargements\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
H:\Mes téléchargements\GMG_4.2_Portable\GMG_4.2_Portable\Portable GIF Movie Gear 4.2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\Yo\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Yo\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Yo\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Yo\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
C:\Users\Yo\AppData\Roaming\install\iexplorer.exe (Backdoor.Bot) -> Delete on reboot.

 

The 3 reports have been noted, I'm waiting for what comes next ;)
