
New topic from Yoman0 [Solved]


Mark


Hello Yoman, Thanos ;)

Because of a forum bug, the original topic is completely locked. The owner could get it unlocked, but that wouldn't happen today or tomorrow. So I'm opening this new topic with the messages posted by Yoman. The messages will be from me, but I'll put them in order, and I have to split them up because they're too big. Thanos's messages won't be included, but I think he'll remember...

Good luck :)

=======================

 

Part one:

Hello everyone,

I had some suspicions about a program that was running at Windows startup; I looked into it and my doubts were confirmed.

I think I know where it came from. A few days ago (about ten), I downloaded a piece of software "illegally" from a site I trusted (wawamania.eu, not to advertise it); inside it was a "crack" which unfortunately doesn't seem to be one. :outch: (I'd rather tell you and be honest; it will make things go faster.)

I currently have "Outpost Firewall Pro" (which I installed recently) and "Microsoft Security Essentials" (I wanted to test it; being free and new, it's quite interesting for a Microsoft product).

I tried several (amateur) actions to get rid of this virus:

Deleting the file: located at "C:\Users\Yo\AppData\Roaming\install\iexplorer.exe"; after deletion, it reappears instantly ^^

Killing the process: the process also comes back instantly.

Removing the autostart entry: with TuneUp Utilities, but the same result as the two previous ones...

With the "Outpost" firewall, I blocked all of its communication (port blocking), so it should no longer be able to send or receive data.

I have a fair amount of computer knowledge, but in this case I'd rather have expert advice to deal with this security problem as well as possible.

Thanks in advance for your replies; I'm at your disposal for any further information.

 

===

 

Hello, thank you for your quick replies.

Indeed, the link for MBAM is dead, but I downloaded it from the official site (free version).

*********************

Here are the report files:

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by Yo at 2010-07-27 01:21:36

Microsoft Windows 7 Édition Intégrale

System drive C: has 22 GB (37%) free of 59 GB

Total RAM: 4094 MB (35% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:21:44, on 27/07/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Windows\SysWOW64\explorer.exe

C:\Users\Yo\AppData\Roaming\install\iexplorer.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

c:\program files (x86)\common files\installshield\updateservice\isuspm.exe

C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Mumble\mumble.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Yo\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Yo.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mp3, mp3 download, download mp3 songs

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot

O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Google Chrome] C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe

O4 - HKCU\..\Run: [Windows Live Mail] C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

O4 - HKCU\..\Run: [HKCU] C:\Users\Yo\AppData\Roaming\install\iexplorer.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe

O4 - Global Startup: UltraMon.lnk = ?

O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 24661 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1007721139-29448798-3616368982-1001Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1007721139-29448798-3616368982-1001UA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-05-26 448384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]

"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]

"Hercules DJ Series"=C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [2010-02-03 1297192]

"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]

"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-06-07 4176760]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

"Google Chrome"=C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe [2010-06-29 945720]

"Windows Live Mail"=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2010-06-07 92024]

"HKCU"=C:\Users\Yo\AppData\Roaming\install\iexplorer.exe [2010-07-25 2502671]

"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico

 

C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\progra~1\outpos~1\wl_hook.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=0

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoDriveAutoRun"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"NoDriveAutoRun"=0

"NoDriveTypeAutoRun"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

 

======List of files/folders created in the last 1 months======

 

2010-07-27 01:16:17 ----D---- C:\Program Files (x86)\trend micro

2010-07-27 01:16:16 ----D---- C:\rsit

2010-07-27 01:11:49 ----D---- C:\Users\Yo\AppData\Roaming\Malwarebytes

2010-07-27 01:11:35 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

2010-07-27 01:11:33 ----D---- C:\ProgramData\Malwarebytes

2010-07-27 01:11:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-07-26 18:18:14 ----D---- C:\Users\Yo\AppData\Roaming\Beat Hazard

2010-07-26 03:09:36 ----D---- C:\ProgramData\regid.1986-12.com.adobe

2010-07-26 03:03:02 ----D---- C:\Program Files (x86)\Common Files\Akamai

2010-07-26 03:00:46 ----D---- C:\Windows\SysWOW64\Macromed

2010-07-26 03:00:25 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR

2010-07-26 02:27:41 ----A---- C:\UsbFix.txt

2010-07-26 02:27:15 ----D---- C:\UsbFix

2010-07-26 02:14:07 ----A---- C:\Windows\SysWOW64\DBCLIENT.DLL

2010-07-26 02:14:06 ----D---- C:\Program Files (x86)\Common Files\Borland Shared

2010-07-26 02:13:41 ----D---- C:\Program Files (x86)\ZebHelpProcess

2010-07-23 19:37:12 ----D---- C:\ProgramData\Agnitum

2010-07-23 14:12:55 ----D---- C:\Users\Yo\AppData\Roaming\Realtime Soft

2010-07-23 14:12:48 ----D---- C:\Program Files (x86)\Common Files\Realtime Soft

2010-07-23 14:12:47 ----D---- C:\ProgramData\Realtime Soft

2010-07-23 03:11:44 ----D---- C:\Program Files (x86)\Fake Voice

2010-07-22 23:39:19 ----D---- C:\ProgramData\Sun

2010-07-22 23:39:15 ----D---- C:\Program Files (x86)\Common Files\Java

2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\javaws.exe

2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\javaw.exe

2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\java.exe

2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\deployJava1.dll

2010-07-22 23:38:18 ----D---- C:\Program Files (x86)\Java

2010-07-22 22:30:38 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe

2010-07-22 22:17:41 ----D---- C:\Program Files (x86)\FreeVPN

2010-07-22 22:17:28 ----A---- C:\Users\Yo\AppData\Roaming\free.VPN by di-gi-mrc.exe

2010-07-22 21:02:58 ----D---- C:\Users\Yo\AppData\Roaming\AutoHideIP

2010-07-22 21:02:58 ----D---- C:\ProgramData\AutoHideIP

2010-07-22 21:01:13 ----D---- C:\Program Files (x86)\AutoHideIP

2010-07-22 14:53:44 ----A---- C:\Users\Yo\AppData\Roaming\AutoHideIP-4.6.7.2.Setup.exe

2010-07-22 14:53:42 ----D---- C:\Program Files (x86)\Xenocode

2010-07-21 13:51:34 ----A---- C:\Windows\SysWOW64\HDJAsiou.dll

2010-07-21 13:51:34 ----A---- C:\Windows\SysWOW64\HDJAsioCpl.dll

2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HRFDongle.dll

2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HDJSAPI.dll

2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HDJAPI.dll

2010-07-21 13:50:56 ----D---- C:\Users\Yo\AppData\Roaming\InstallShield

2010-07-20 12:22:21 ----D---- C:\Users\Yo\AppData\Roaming\vlc

2010-07-20 12:21:46 ----D---- C:\Program Files (x86)\VideoLAN

2010-07-20 12:21:05 ----D---- C:\Users\Yo\AppData\Roaming\ClickPotatoLite

2010-07-20 12:21:05 ----D---- C:\ProgramData\ClickPotatoLiteSA

2010-07-20 12:21:05 ----D---- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

2010-07-20 12:21:05 ----D---- C:\Program Files (x86)\ClickPotatoLite

2010-07-20 02:08:01 ----D---- C:\Users\Yo\AppData\Roaming\FileZilla

2010-07-20 02:05:57 ----D---- C:\Program Files (x86)\FileZilla FTP Client

2010-07-19 13:36:34 ----RA---- C:\Windows\SysWOW64\LgExport.dll

2010-07-19 13:36:34 ----RA---- C:\Windows\SysWOW64\LGDispDrv.dll

2010-07-19 13:36:20 ----D---- C:\Program Files (x86)\LG Soft India

2010-07-19 02:11:00 ----D---- C:\Program Files (x86)\CCleaner

2010-07-18 14:13:58 ----D---- C:\ProgramData\Adobe

2010-07-18 14:13:36 ----D---- C:\Program Files (x86)\Common Files\Adobe

2010-07-18 14:13:36 ----D---- C:\Program Files (x86)\Adobe

2010-07-18 14:08:33 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games

2010-07-17 23:59:13 ----D---- C:\Users\Yo\AppData\Roaming\MessengerGadget

2010-07-17 18:51:35 ----D---- C:\Users\Yo\AppData\Roaming\install

2010-07-17 18:50:16 ----D---- C:\Program Files (x86)\VirtualDJ

2010-07-17 16:46:15 ----D---- C:\Program Files (x86)\Common Files\Steam

2010-07-17 14:35:33 ----D---- C:\Windows\PixArt

2010-07-17 12:34:59 ----D---- C:\Windows\Minidump

2010-07-17 04:32:37 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll

2010-07-17 04:32:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll

2010-07-17 04:32:36 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll

2010-07-17 04:32:35 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll

2010-07-17 04:32:35 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll

2010-07-17 04:32:34 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll

2010-07-17 04:32:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll

2010-07-17 04:32:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll

2010-07-17 04:32:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll

2010-07-17 04:32:31 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll

2010-07-17 04:32:30 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll

2010-07-17 04:32:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll

2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll

2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll

2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll

2010-07-17 04:32:28 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll

2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll

2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll

2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll

2010-07-17 04:32:26 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll

2010-07-14 21:12:45 ----D---- C:\Program Files (x86)\OCCT

2010-07-10 03:19:48 ----D---- C:\Program Files (x86)\MSXML 4.0

2010-07-09 21:04:40 ----A---- C:\Windows\SysWOW64\xfcodec.dll

2010-07-09 17:23:23 ----D---- C:\ProgramData\Age of Empires 3

2010-07-09 16:59:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite

2010-07-09 16:59:14 ----D---- C:\Users\Yo\AppData\Roaming\DAEMON Tools Lite

2010-07-09 16:59:12 ----D---- C:\ProgramData\DAEMON Tools Lite

2010-07-09 02:15:10 ----D---- C:\Users\Yo\AppData\Roaming\Notepad++

2010-07-08 14:42:19 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe

2010-07-08 03:58:27 ----A---- C:\Windows\SysWOW64\msv1_0.dll

2010-07-08 03:47:21 ----D---- C:\Windows\SysWOW64\Wat

2010-07-08 03:30:53 ----D---- C:\Program Files (x86)\Microsoft.NET

2010-07-08 03:29:18 ----HD---- C:\Windows\Icons

2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll

2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\PresentationHost.exe

2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\netfxperf.dll

2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\mscoree.dll

2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\dfshim.dll

2010-07-08 03:13:19 ----A---- C:\Windows\SysWOW64\asycfilt.dll

2010-07-08 03:13:00 ----A---- C:\Windows\SysWOW64\ntdll.dll

2010-07-08 03:12:47 ----A---- C:\Windows\SysWOW64\vbscript.dll

2010-07-08 03:12:45 ----A---- C:\Windows\SysWOW64\wmp.dll

2010-07-08 03:12:44 ----A---- C:\Windows\SysWOW64\wmploc.DLL

2010-07-08 03:12:44 ----A---- C:\Windows\SysWOW64\CertEnroll.dll

2010-07-08 03:12:29 ----A---- C:\Windows\SysWOW64\secproc_isv.dll

2010-07-08 03:12:28 ----A---- C:\Windows\SysWOW64\secproc.dll

2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll

2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe

2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\RMActivate.exe

2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll

2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe

2010-07-08 03:12:11 ----A---- C:\Windows\SysWOW64\inetcomm.dll

2010-07-08 03:12:01 ----A---- C:\Windows\SysWOW64\t2embed.dll

2010-07-08 03:11:51 ----A---- C:\Windows\SysWOW64\explorer.exe

2010-07-08 03:11:51 ----A---- C:\Windows\explorer.exe

2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\wow32.dll

2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\user.exe

2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\setup16.exe

2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\ntvdm64.dll

2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\instnm.exe

2010-07-08 03:11:30 ----A---- C:\Windows\SysWOW64\CPFilters.dll

2010-07-08 03:11:28 ----A---- C:\Windows\SysWOW64\psisdecd.dll

2010-07-08 03:11:22 ----A---- C:\Windows\SysWOW64\quartz.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\tsbyuv.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msyuv.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msvidc32.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msrle32.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\mciavi32.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\iyuv_32.dll

2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\avifil32.dll

2010-07-08 03:11:18 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe

2010-07-08 03:11:18 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe

2010-07-08 03:11:13 ----A---- C:\Windows\SysWOW64\jscript.dll

2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\sspicli.dll

2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\shell32.dll

2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\secur32.dll

2010-07-08 03:10:58 ----A---- C:\Windows\SysWOW64\msasn1.dll

2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\fontsub.dll

2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\atmlib.dll

2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\atmfd.dll

2010-07-08 03:10:54 ----A---- C:\Windows\SysWOW64\tzres.dll

2010-07-08 03:10:49 ----A---- C:\Windows\SysWOW64\mshtml.dll

2010-07-08 03:10:48 ----A---- C:\Windows\SysWOW64\ieframe.dll

2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\wininet.dll

2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\urlmon.dll

2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\mstime.dll

2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll

2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\iedkcs32.dll

2010-07-08 03:10:45 ----A---- C:\Windows\SysWOW64\jsproxy.dll

2010-07-08 02:39:56 ----D---- C:\ProgramData\Futuremark

2010-07-08 02:36:21 ----D---- C:\Users\Yo\AppData\Roaming\Windows Live Writer

2010-07-08 02:30:22 ----D---- C:\Program Files (x86)\Windows Live

2010-07-08 02:30:08 ----D---- C:\Windows\PCHEALTH

2010-07-08 02:28:47 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2010-07-08 02:28:26 ----D---- C:\Program Files (x86)\Microsoft

2010-07-08 02:27:51 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll

2010-07-08 02:27:51 ----A---- C:\Windows\SysWOW64\mf.dll

2010-07-08 02:27:48 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL

2010-07-08 02:26:19 ----D---- C:\Program Files (x86)\Common Files\Windows Live

2010-07-08 02:19:54 ----D---- C:\Program Files (x86)\Common Files\Futuremark Shared

2010-07-08 02:18:50 ----D---- C:\Program Files (x86)\Futuremark

2010-07-08 02:18:33 ----D---- C:\Windows\SysWOW64\AGEIA

2010-07-08 02:18:31 ----D---- C:\Program Files (x86)\AGEIA Technologies

2010-07-08 02:18:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll

2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll

2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll

2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll

2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll

2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll

2010-07-08 02:18:19 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll

2010-07-08 02:18:16 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll

2010-07-08 02:18:15 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll

2010-07-08 02:18:15 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll

2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll

2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll

2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll

2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll

2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll

2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll

2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll

2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll

2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll

2010-07-08 02:18:11 ----A---- C:\Windows\SysWOW64\xinput1_3.dll

2010-07-08 02:18:11 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll

2010-07-08 02:18:10 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll

2010-07-08 02:18:10 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll

2010-07-08 02:18:09 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll

2010-07-08 02:18:08 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll

2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll

2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll

2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\d3dx10.dll

2010-07-08 02:18:02 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll

2010-07-08 02:18:02 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll

2010-07-08 02:18:01 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll

2010-07-08 02:18:00 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll

2010-07-08 02:17:59 ----A---- C:\Windows\SysWOW64\xinput1_2.dll

2010-07-08 02:17:59 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll

2010-07-08 02:17:58 ----A---- C:\Windows\SysWOW64\xinput1_1.dll

2010-07-08 02:17:57 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll

2010-07-08 02:17:47 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll

2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll

2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll

2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll

2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll

2010-07-08 02:17:42 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll

2010-07-08 02:17:41 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll

2010-07-08 02:17:41 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll

2010-07-08 02:17:39 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll

2010-07-08 02:12:43 ----A---- C:\Windows\SysWOW64\uxtuneup.dll

2010-07-08 02:12:43 ----A---- C:\Windows\SysWOW64\authuitu.dll

2010-07-08 02:12:31 ----D---- C:\Users\Yo\AppData\Roaming\TuneUp Software

2010-07-08 02:12:25 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010

2010-07-08 02:12:05 ----D---- C:\ProgramData\TuneUp Software

2010-07-08 02:12:00 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-07-08 02:01:16 ----A---- C:\Windows\gdrv.sys

2010-07-08 01:58:55 ----D---- C:\Program Files (x86)\Microsoft Antimalware

2010-07-08 01:27:36 ----D---- C:\Program Files (x86)\EVEREST Ultimate Edition

2010-07-08 01:05:42 ----D---- C:\Windows\SysWOW64\RTCOM

2010-07-08 01:04:57 ----D---- C:\Program Files (x86)\Realtek

2010-07-08 01:04:54 ----HD---- C:\Program Files (x86)\Temp

2010-07-08 01:04:52 ----R---- C:\Windows\RtlExUpd.dll

2010-07-08 01:04:44 ----D---- C:\Users\Yo\AppData\Roaming\ATI

2010-07-08 01:04:44 ----D---- C:\ProgramData\ATI

2010-07-08 01:04:28 ----D---- C:\Windows\Panther

2010-07-08 01:00:58 ----RA---- C:\Windows\SysWOW64\CSVer.dll

2010-07-08 01:00:58 ----D---- C:\Program Files (x86)\Intel

2010-07-08 01:00:44 ----D---- C:\Intel

2010-07-08 01:00:23 ----HD---- C:\Program Files (x86)\DeviceVM

2010-07-08 00:56:12 ----D---- C:\ProgramData\InstallShield

2010-07-08 00:56:09 ----D---- C:\Program Files (x86)\Gigabyte

2010-07-08 00:56:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2010-07-08 00:55:51 ----D---- C:\Program Files (x86)\Common Files\InstallShield

2010-07-08 00:54:49 ----A---- C:\Windows\IsUninst.exe

2010-07-08 00:54:25 ----D---- C:\Program Files (x86)\Common Files\ATI Technologies

2010-07-08 00:54:24 ----D---- C:\Program Files (x86)\ATI

2010-07-08 00:53:39 ----D---- C:\Program Files (x86)\ATI Technologies

2010-07-08 00:50:36 ----D---- C:\ATI

2010-07-08 00:50:18 ----A---- C:\Windows\GSetup.ini

2010-07-08 00:33:40 ----D---- C:\Users\Yo\AppData\Roaming\Xfire

2010-07-08 00:33:39 ----D---- C:\ProgramData\Xfire

2010-07-08 00:33:38 ----D---- C:\Program Files (x86)\Xfire

2010-07-08 00:21:00 ----D---- C:\Users\Yo\AppData\Roaming\Mumble

2010-07-08 00:20:49 ----D---- C:\Program Files (x86)\Mumble

2010-07-08 00:20:23 ----D---- C:\Users\Yo\AppData\Roaming\Macromedia

2010-07-08 00:20:23 ----D---- C:\Users\Yo\AppData\Roaming\Adobe

2010-07-08 00:18:26 ----D---- C:\Program Files (x86)\Adobe Photoshop CS4

2010-07-08 00:18:22 ----D---- C:\Program Files (x86)\Xtremsplit 1.2

2010-07-08 00:18:22 ----A---- C:\Windows\SysWOW64\wintrust.dll

2010-07-08 00:18:06 ----A---- C:\Windows\SysWOW64\cabview.dll

2010-07-08 00:17:39 ----SHD---- C:\Windows\Installer

2010-07-08 00:17:33 ----D---- C:\Program Files (x86)\Notepad++

2010-07-08 00:17:27 ----A---- C:\WPI_Log_2010.07.08_00.17.27.txt

2010-07-08 00:15:49 ----AD---- C:\WPI_Audio

2010-07-08 00:15:29 ----A---- C:\WPI_Log_2010.07.08_00.15.29.txt

2010-07-08 00:14:28 ----D---- C:\Users\Yo\AppData\Roaming\Identities

2010-07-08 00:13:25 ----SD---- C:\Users\Yo\AppData\Roaming\Microsoft

2010-07-08 00:13:25 ----D---- C:\Users\Yo\AppData\Roaming\Media Center Programs

2010-07-08 00:12:52 ----SHD---- C:\Recovery

2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Modèles

2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Menu Démarrer

2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Favoris

2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Bureau

2010-07-08 00:08:32 ----D---- C:\Windows\SoftwareDistribution

2010-07-08 00:05:38 ----D---- C:\Windows\Prefetch

2010-07-08 00:05:18 ----ASH---- C:\pagefile.sys

2010-07-08 00:05:16 ----SHD---- C:\System Volume Information

2010-07-08 00:05:16 ----ASH---- C:\hiberfil.sys

 

======List of files/folders modified in the last 1 months======

 

2010-07-27 01:21:43 ----D---- C:\Windows\Temp

2010-07-27 01:16:17 ----RD---- C:\Program Files (x86)

2010-07-27 01:11:35 ----D---- C:\Windows\SysWOW64\drivers

2010-07-27 01:11:33 ----HD---- C:\ProgramData

2010-07-26 12:02:47 ----SHD---- C:\$Recycle.Bin

2010-07-26 12:01:21 ----RSD---- C:\Windows\Fonts

2010-07-26 04:37:14 ----D---- C:\Windows\SysWOW64

2010-07-26 03:03:26 ----D---- C:\Windows\winsxs

2010-07-26 03:03:02 ----D---- C:\Program Files (x86)\Common Files

2010-07-23 19:40:58 ----D---- C:\Windows\inf

2010-07-23 19:38:10 ----D---- C:\Windows

2010-07-23 19:37:37 ----RD---- C:\Program Files

2010-07-23 19:37:37 ----D---- C:\Windows\System32

2010-07-19 13:09:50 ----A---- C:\Windows\win.ini

2010-07-19 02:12:15 ----D---- C:\Windows\debug

2010-07-17 14:35:33 ----D---- C:\Windows\twain_32

2010-07-17 04:31:48 ----RSD---- C:\Windows\assembly

2010-07-17 04:28:17 ----D---- C:\Windows\Logs

2010-07-14 00:42:10 ----SD---- C:\ProgramData\Microsoft

2010-07-08 11:47:38 ----D---- C:\Program Files (x86)\Windows Mail

2010-07-08 07:56:57 ----D---- C:\Windows\rescache

2010-07-08 04:20:26 ----D---- C:\Windows\Microsoft.NET

2010-07-08 03:47:34 ----D---- C:\Program Files (x86)\Windows Media Player

2010-07-08 03:47:30 ----D---- C:\Windows\AppPatch

2010-07-08 03:47:21 ----D---- C:\Windows\ehome

2010-07-08 03:47:13 ----D---- C:\Program Files (x86)\Internet Explorer

2010-07-08 03:47:10 ----D---- C:\Windows\SysWOW64\fr-FR

2010-07-08 03:47:08 ----D---- C:\Windows\SysWOW64\migration

2010-07-08 03:30:54 ----D---- C:\Windows\SysWOW64\en-US

2010-07-08 02:36:31 ----D---- C:\Windows\LiveKernelReports

2010-07-08 02:29:26 ----D---- C:\Program Files (x86)\Common Files\microsoft shared

2010-07-08 01:03:58 ----D---- C:\Windows\Setup

2010-07-08 00:56:08 ----D---- C:\Windows\Downloaded Program Files

2010-07-08 00:19:28 ----D---- C:\Windows\Tasks

2010-07-08 00:13:21 ----RD---- C:\Users

2010-07-08 00:06:15 ----D---- C:\Windows\CSC

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []

R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys []

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []

R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox64.sys []

R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []

R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []

R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys []

R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys []

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []

R3 ASWFilt;ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt64.dll []

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []

R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys []

R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-26 25640]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []

R3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS []

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []

R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]

R3 vpcbus;Service de bus hôte Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys []

R3 vpcusb;Service du connecteur de virtualisation USB; C:\Windows\system32\DRIVERS\vpcusb.sys []

S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

S3 azjk9k63;azjk9k63; C:\Windows\SysWOW64\drivers\azjk9k63.sys []

S3 Bulk;HDJBulk; C:\Windows\System32\Drivers\HDJBulk.sys []

S3 cpuz130;cpuz130; \??\C:\Users\Yo\AppData\Local\Temp\cpuz130\cpuz_x64.sys []

S3 HDJAsioK;HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys []

S3 HDJMidi;Hercules DJ Console Rmx MIDI; C:\Windows\system32\DRIVERS\HDJMidi.sys []

S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2009-04-24 14336]

S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-04-24 18432]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []

S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []

S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []

S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []

S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\OUTPOS~1\acs.exe [2009-12-17 2373280]

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []

R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe [2009-07-30 68136]

R2 HerculesDJControlMP3;Hercules DJ Control MP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]

R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-08 75064]

R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-07-26 214816]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-07-06 1403200]

R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-05-26 2290048]

R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-06-17 395048]

S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-07-08 607040]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

 

-----------------EOF-----------------


Second part:

 

info.txt logfile of random's system information tool 1.08 2010-07-27 01:16:51

 

======Uninstall list======

 

@BIOS Ver.2.06-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly

-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}

3DMark Vantage-->"C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe" -runfromtemp -l0x0009 -removeonly

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}

Adobe Dreamweaver CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{C79312BD-3E76-4474-A10C-1435D1856A4B}"

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Adobe Photoshop CS5-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{3EB745BA-194F-4475-9164-B20BB2172395}"

Adobe Reader 9.3.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Age of Empires III - The WarChiefs-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}

Age of Empires III-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}

AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}

Akamai NetSession Interface-->C:\Program Files (x86)\Common Files\Akamai\uninstall.exe

ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}

Auto Hide IP-->"C:\Program Files (x86)\AutoHideIP\uninst.exe"

Browser Configuration Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{5B363E1D-8C36-4458-BAE4-D5081999E094}\setup.exe" -runfromtemp -l0x040c -removeonly

Burnout Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}

Catalyst Control Center - Branding-->MsiExec.exe /I{87323561-58BA-4D5B-BADA-A791B69D1705}

CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"

ClickPotato-->"C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteUninstaller.exe" Web

D3DX10-->MsiExec.exe /X{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}

DMIView B8.0717.01-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly

Energy Saver Advance B9.0730.1-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7ED169D4-5053-4166-93DF-53B12AE6C539}\setup.exe" -l0x9 -removeonly

EVEREST Ultimate Edition v5.50-->"C:\Program Files (x86)\EVEREST Ultimate Edition\unins000.exe"

Fake Voice 2.0.0-->"C:\Program Files (x86)\Fake Voice\unins000.exe"

FileZilla Client 3.3.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe

forteManager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c -removeonly

FreeVPN v3.22-->"C:\Program Files (x86)\FreeVPN\unins000.exe"

Futuremark SystemInfo-->"C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly

Hercules DJ Products Series drivers-->C:\Program Files (x86)\InstallShield Installation Information\{33999F1F-EA46-4E55-A239-1BA803235396}\setup.exe -runfromtemp -l0x040c -removeonly

Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}

Junk Mail filter update-->MsiExec.exe /I{11EFF057-8ED2-4321-A19D-D673DECB36CC}

Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

MSVCRT_amd64-->MsiExec.exe /I{6917F87D-921D-4EFA-9AA5-8CDEA9E28520}

MSVCRT-->MsiExec.exe /I{035C76D2-7D8E-484D-8CA3-686C0B474A2B}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Mumble and Murmur-->C:\Program Files (x86)\Mumble\Uninstall.exe

Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe

OCCT Perestroika 3.1.0-->"C:\Program Files (x86)\OCCT\unins000.exe"

PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}

Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -removeonly

The Lord of the Rings FREE Trial -->MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}

TuneUp Utilities-->C:\Program Files (x86)\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall

Usbfix By C_XX & El Desaparecido-->"C:\Usbfix\Un-Usbfix.exe"

Virtual DJ - Atomix Productions-->C:\PROGRA~2\VIRTUA~1\UNWISE.EXE C:\PROGRA~2\VIRTUA~1\INSTALL.LOG

VLC media player 1.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Windows Live Bêta-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Bêta-->MsiExec.exe /I{231E4621-2428-405D-A7A4-8EB93486BAC7}

Windows Live Communications Platform-->MsiExec.exe /I{FA5D1C9E-154D-49B1-8CF0-DF5FAB6171EA}

Windows Live Installer-->MsiExec.exe /I{46BAF2A0-3789-4E49-B000-4BB64426D1BF}

Windows Live Mail-->MsiExec.exe /I{2607FE6B-1D61-46E5-A544-54666B0EF908}

Windows Live Mail-->MsiExec.exe /I{795851D4-BA00-4965-B2A8-94AA9C7C2789}

Windows Live Messenger-->MsiExec.exe /X{2578D94A-A88A-4643-9DAA-F0A5E981EB04}

Windows Live Messenger-->MsiExec.exe /X{8D73EFE7-ED6F-49C6-9685-C712A00F8DDD}

Windows Live Photo Common Beta-->MsiExec.exe /X{15643FB9-1509-44B2-A8CD-9868CB804A5B}

Windows Live Photo Common-->MsiExec.exe /X{61E7F654-7D99-4C69-94D8-DF53E297AF9B}

Windows Live PIMT Platform-->MsiExec.exe /I{B5BD2B33-FDB8-4DE5-87B3-2810CAF4A6E4}

Windows Live SOXE Definitions-->MsiExec.exe /I{74B0BEB0-2EB3-448F-B8E9-40983BC902E1}

Windows Live SOXE-->MsiExec.exe /I{EFBE9DAB-9C80-4911-847B-2A2C25E8F9CB}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{59AFDB2C-9A14-404E-8574-B4BDAEFD13CF}

Windows Live UX Platform-->MsiExec.exe /I{6592C2B8-949A-4C88-BCB9-0990A218B215}

Windows Live Writer Resources-->MsiExec.exe /X{62D14F31-92AF-4854-B9C9-C08F7F557F84}

Windows Live Writer-->MsiExec.exe /X{EE338AB8-4E85-4C04-AC07-1357A266DD35}

Wolfenstein - Enemy Territory-->G:\WOLFEN~2\Uninstall\Unwise.exe /u G:\WOLFEN~2\Uninstall\Install.log

Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"

Xtremsplit 1.2-->C:\Program Files (x86)\Xtremsplit 1.2\Uninstal.exe

ZebHelpProcess 2.36-->"C:\Program Files (x86)\ZebHelpProcess\unins000.exe"

 

======Hosts File======

 

127.0.0.1 localhost

::1 localhost

127.0.0.1 activate.adobe.com

 

======System event log======

 

Computer Name: Yo-PC

Event Code: 52236

Message: CPLIB :: General - Invalid Parameter

Record Number: 670

Source Name: atikmdag

Time Written: 20100707223205.600826-000

Event Type: Erreur

User:

 

Computer Name: Yo-PC

Event Code: 43029

Message: Display is not active

Record Number: 558

Source Name: atikmdag

Time Written: 20100707222201.577235-000

Event Type: Erreur

User:

 

Computer Name: Yo-PC

Event Code: 52236

Message: CPLIB :: General - Invalid Parameter

Record Number: 557

Source Name: atikmdag

Time Written: 20100707222201.577235-000

Event Type: Erreur

User:

 

Computer Name: Yo-PC

Event Code: 43029

Message: Display is not active

Record Number: 494

Source Name: atikmdag

Time Written: 20100707221908.265671-000

Event Type: Erreur

User:

 

Computer Name: Yo-PC

Event Code: 52236

Message: CPLIB :: General - Invalid Parameter

Record Number: 493

Source Name: atikmdag

Time Written: 20100707221908.265671-000

Event Type: Erreur

User:

 

=====Application event log=====

 

Computer Name: Yo-PC

Event Code: 1000

Message:

Record Number: 275

Source Name: Microsoft-Windows-User Profiles General

Time Written: 20100707224308.000000-000

Event Type: Erreur

User:

 

Computer Name: Yo-PC

Event Code: 1000

Message:

Record Number: 274

Source Name: Microsoft-Windows-User Profiles General

Time Written: 20100707224308.000000-000

Event Type: Erreur

User:

 

Computer Name: Yo-PC

Event Code: 1530

Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

 

DÉTAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-1007721139-29448798-3616368982-1001:

Process 456 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1007721139-29448798-3616368982-1001

 

Record Number: 217

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100707221924.711908-000

Event Type: Avertissement

User: AUTORITE NT\Système

 

Computer Name: Yo-PC

Event Code: 1008

Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}.

 

Record Number: 99

Source Name: Microsoft-Windows-Search

Time Written: 20100707221254.000000-000

Event Type: Avertissement

User:

 

Computer Name: Yo-PC

Event Code: 11

Message: Fuite de mémoire possible. L’application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID : 296) a transmis un pointeur non NULL à RPC pour un paramètre [out] marqué [allocate(all_nodes)]. Les paramètres [allocate(all_nodes)] sont toujours réaffectés ; si le pointeur initial contenait une adresse mémoire valide, cela entraînerait une fuite de cette mémoire. L’appel provenait de l’interface avec l’UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Numéro de méthode (20). Action utilisateur : contactez le fournisseur de l’application pour obtenir une version mise à jour.

Record Number: 98

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20100707221240.247051-000

Event Type: Avertissement

User: AUTORITE NT\SERVICE LOCAL

 

=====Security event log=====

 

Computer Name: 37L4247E29-32

Event Code: 4735

Message: Un groupe local dont la sécurité est activée a été modifié.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : 37L4247E29-32$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Groupe :

ID de sécurité : S-1-5-32-551

Nom du groupe : Opérateurs de sauvegarde

Domaine du groupe : Builtin

 

Attributs modifiés :

Nom du compte SAM : -

Historique SID : -

 

Informations supplémentaires :

Privilèges : -

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100707220543.813284-000

Event Type: Succès de l’audit

User:

 

Computer Name: 37L4247E29-32

Event Code: 4731

Message: Un groupe local dont la sécurité est activée a été créé.

 

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : 37L4247E29-32$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

 

Nouveau groupe :

ID de sécurité : S-1-5-32-551

Nom du groupe : Opérateurs de sauvegarde

Domaine du groupe : Builtin

 

Attributs :

Nom du compte SAM : Opérateurs de sauvegarde

Historique SID : -

 

Informations supplémentaires :

Privilèges : -

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100707220543.797684-000

Event Type: Succès de l’audit

User:

 

Computer Name: 37L4247E29-32

Event Code: 4902

Message: La table de stratégie d’audit par utilisateur a été créée.

 

Nombre d’éléments : 0

ID de la stratégie : 0x2f7c5

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100707220542.861683-000

Event Type: Succès de l’audit

User:

 

Computer Name: 37L4247E29-32

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

 

Sujet :

ID de sécurité : S-1-0-0

Nom du compte : -

Domaine du compte : -

ID d’ouverture de session : 0x0

 

Type d’ouverture de session : 0

 

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : Système

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

 

Informations sur le processus :

ID du processus : 0x4

Nom du processus :

 

Informations sur le réseau :

Nom de la station de travail : -

Adresse du réseau source : -

Port source : -

 

Informations détaillées sur l’authentification :

Processus d’ouverture de session : -

Package d’authentification : -

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

 

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

 

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

 

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

 

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

 

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

 

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100707220538.727675-000

Event Type: Succès de l’audit

User:

 

Computer Name: 37L4247E29-32

Event Code: 4608

Message: Windows démarre.

 

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100707220538.556075-000

Event Type: Succès de l’audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

 

-----------------EOF-----------------


Third part:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4356

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

27/07/2010 03:39:47

mbam-log-2010-07-27 (03-39-47).txt

 

Type d'examen: Examen complet (C:\|E:\|F:\|G:\|H:\|)

Elément(s) analysé(s): 497486

Temps écoulé: 2 heure(s), 17 minute(s), 34 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 26

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 10

Fichier(s) infecté(s): 29

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{30b15818-e110-4527-9c05-46ace5a3460d} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{618aad04-921f-44c2-be38-c0818af69861} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b5d2ed96-62f9-4c2c-956d-e425b1f67337} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d3a412e8-1e4b-47d2-9b12-f88291f5afbb} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Users\Yo\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSAHook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Users\Yo\Downloads\VLCSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.

F:\Keygen all product Sony\Keygen all product Sony\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

F:\Photoshop 7.0\Clone CD 4\CloneCD.v4.0.0.1.Keygen.Only-TMG\Clonecd4.0.0.1kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

F:\TuneUp Utilities 2010 - 9.0.4200.55\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

H:\Mes fichiers reçus\apf_alc\crack\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.

H:\Mes téléchargements\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

H:\Mes téléchargements\GMG_4.2_Portable\GMG_4.2_Portable\Portable GIF Movie Gear 4.2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

C:\Users\Yo\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Yo\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

C:\Users\Yo\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Yo\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.

C:\Users\Yo\AppData\Roaming\install\iexplorer.exe (Backdoor.Bot) -> Delete on reboot.

 

 

====

 

There you go ;) (<< Mark)


Thanks Mark ;)

 

I ran a second full scan to make sure everything had really been removed, and the report looks conclusive since it no longer finds anything:

 

 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4356

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27/07/2010 05:52:12
mbam-log-2010-07-27 (05-52-12).txt

Type d'examen: Examen complet (C:\|E:\|F:\|G:\|H:\|)
Elément(s) analysé(s): 496573
Temps écoulé: 1 heure(s), 57 minute(s), 41 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

 

 

I went to check: the file is no longer in its place, there is no longer an active process, and the autostart entry is gone as well. So I think this trojan has been eradicated! :super:

 

But it's up to you to confirm it for me :)


Hi ;)

 

A big thank you to Mark :super:

 

Yoman0: the RSIT report predates the MBAM report! Please post me a new RSIT report, as that will let me see whether the fixes made by MBAM worked properly.

 

Hello,

 

Here is the RSIT.exe report

 

Logfile of random's system information tool 1.08 (written by random/random)
Run by Yo at 2010-07-27 21:06:29
Microsoft Windows 7 Édition Intégrale  
System drive C: has 22 GB (37%) free of 59 GB
Total RAM: 4094 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:06:34, on 27/07/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Yo\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Yo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shop.thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Chrome] C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [Windows Live Mail] C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: UltraMon.lnk = ?
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: c:\progra~1\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\OUTPOS~1\acs.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 23596 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1007721139-29448798-3616368982-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1007721139-29448798-3616368982-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-05-26 448384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"Hercules DJ Series"=C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [2010-02-03 1297192]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-06-07 4176760]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Google Chrome"=C:\Users\Yo\AppData\Local\Google\Chrome\Application\chrome.exe [2010-06-29 945720]
"Windows Live Mail"=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2010-06-07 92024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
UltraMon.lnk - C:\Windows\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico

C:\Users\Yo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~1\outpos~1\wl_hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-07-27 01:16:17 ----D---- C:\Program Files (x86)\trend micro
2010-07-27 01:16:16 ----D---- C:\rsit
2010-07-27 01:11:49 ----D---- C:\Users\Yo\AppData\Roaming\Malwarebytes
2010-07-27 01:11:35 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-07-27 01:11:33 ----D---- C:\ProgramData\Malwarebytes
2010-07-27 01:11:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-07-26 18:18:14 ----D---- C:\Users\Yo\AppData\Roaming\Beat Hazard
2010-07-26 03:09:36 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-07-26 03:03:02 ----D---- C:\Program Files (x86)\Common Files\Akamai
2010-07-26 03:00:46 ----D---- C:\Windows\SysWOW64\Macromed
2010-07-26 03:00:25 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-07-26 02:27:41 ----A---- C:\UsbFix.txt
2010-07-26 02:27:15 ----D---- C:\UsbFix
2010-07-26 02:14:07 ----A---- C:\Windows\SysWOW64\DBCLIENT.DLL
2010-07-26 02:14:06 ----D---- C:\Program Files (x86)\Common Files\Borland Shared
2010-07-26 02:13:41 ----D---- C:\Program Files (x86)\ZebHelpProcess
2010-07-23 19:37:12 ----D---- C:\ProgramData\Agnitum
2010-07-23 14:12:55 ----D---- C:\Users\Yo\AppData\Roaming\Realtime Soft
2010-07-23 14:12:48 ----D---- C:\Program Files (x86)\Common Files\Realtime Soft
2010-07-23 14:12:47 ----D---- C:\ProgramData\Realtime Soft
2010-07-23 03:11:44 ----D---- C:\Program Files (x86)\Fake Voice
2010-07-22 23:39:19 ----D---- C:\ProgramData\Sun
2010-07-22 23:39:15 ----D---- C:\Program Files (x86)\Common Files\Java
2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\java.exe
2010-07-22 23:38:35 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2010-07-22 23:38:18 ----D---- C:\Program Files (x86)\Java
2010-07-22 22:30:38 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2010-07-22 22:17:41 ----D---- C:\Program Files (x86)\FreeVPN
2010-07-22 22:17:28 ----A---- C:\Users\Yo\AppData\Roaming\free.VPN by di-gi-mrc.exe
2010-07-22 21:02:58 ----D---- C:\Users\Yo\AppData\Roaming\AutoHideIP
2010-07-22 21:02:58 ----D---- C:\ProgramData\AutoHideIP
2010-07-22 21:01:13 ----D---- C:\Program Files (x86)\AutoHideIP
2010-07-22 14:53:44 ----A---- C:\Users\Yo\AppData\Roaming\AutoHideIP-4.6.7.2.Setup.exe
2010-07-22 14:53:42 ----D---- C:\Program Files (x86)\Xenocode
2010-07-21 13:51:34 ----A---- C:\Windows\SysWOW64\HDJAsiou.dll
2010-07-21 13:51:34 ----A---- C:\Windows\SysWOW64\HDJAsioCpl.dll
2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HRFDongle.dll
2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HDJSAPI.dll
2010-07-21 13:51:33 ----A---- C:\Windows\SysWOW64\HDJAPI.dll
2010-07-21 13:50:56 ----D---- C:\Users\Yo\AppData\Roaming\InstallShield
2010-07-20 12:22:21 ----D---- C:\Users\Yo\AppData\Roaming\vlc
2010-07-20 12:21:46 ----D---- C:\Program Files (x86)\VideoLAN
2010-07-20 02:08:01 ----D---- C:\Users\Yo\AppData\Roaming\FileZilla
2010-07-20 02:05:57 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2010-07-19 13:36:34 ----RA---- C:\Windows\SysWOW64\LgExport.dll
2010-07-19 13:36:34 ----RA---- C:\Windows\SysWOW64\LGDispDrv.dll
2010-07-19 13:36:20 ----D---- C:\Program Files (x86)\LG Soft India
2010-07-19 02:11:00 ----D---- C:\Program Files (x86)\CCleaner
2010-07-18 14:13:58 ----D---- C:\ProgramData\Adobe
2010-07-18 14:13:36 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-07-18 14:13:36 ----D---- C:\Program Files (x86)\Adobe
2010-07-18 14:08:33 ----D---- C:\Program Files (x86)\Common Files\Microsoft Games
2010-07-17 23:59:13 ----D---- C:\Users\Yo\AppData\Roaming\MessengerGadget
2010-07-17 18:50:16 ----D---- C:\Program Files (x86)\VirtualDJ
2010-07-17 16:46:15 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-07-17 14:35:33 ----D---- C:\Windows\PixArt
2010-07-17 12:34:59 ----D---- C:\Windows\Minidump
2010-07-17 04:32:37 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-07-17 04:32:37 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-07-17 04:32:36 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-07-17 04:32:35 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2010-07-17 04:32:35 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2010-07-17 04:32:34 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2010-07-17 04:32:33 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2010-07-17 04:32:32 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-07-17 04:32:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-07-17 04:32:31 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-07-17 04:32:30 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-07-17 04:32:30 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-07-17 04:32:29 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-07-17 04:32:28 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-07-17 04:32:27 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-07-17 04:32:26 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-07-14 21:12:45 ----D---- C:\Program Files (x86)\OCCT
2010-07-10 03:19:48 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-07-09 21:04:40 ----A---- C:\Windows\SysWOW64\xfcodec.dll
2010-07-09 17:23:23 ----D---- C:\ProgramData\Age of Empires 3
2010-07-09 16:59:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-07-09 16:59:14 ----D---- C:\Users\Yo\AppData\Roaming\DAEMON Tools Lite
2010-07-09 16:59:12 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-07-09 02:15:10 ----D---- C:\Users\Yo\AppData\Roaming\Notepad++
2010-07-08 14:42:19 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-08 03:58:27 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2010-07-08 03:47:21 ----D---- C:\Windows\SysWOW64\Wat
2010-07-08 03:30:53 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-08 03:29:18 ----HD---- C:\Windows\Icons
2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-07-08 03:28:01 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-07-08 03:13:19 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-07-08 03:13:00 ----A---- C:\Windows\SysWOW64\ntdll.dll
2010-07-08 03:12:47 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-07-08 03:12:45 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-07-08 03:12:44 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-07-08 03:12:44 ----A---- C:\Windows\SysWOW64\CertEnroll.dll
2010-07-08 03:12:29 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2010-07-08 03:12:28 ----A---- C:\Windows\SysWOW64\secproc.dll
2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2010-07-08 03:12:27 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2010-07-08 03:12:26 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2010-07-08 03:12:11 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-07-08 03:12:01 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-07-08 03:11:51 ----A---- C:\Windows\SysWOW64\explorer.exe
2010-07-08 03:11:51 ----A---- C:\Windows\explorer.exe
2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\wow32.dll
2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\user.exe
2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\setup16.exe
2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2010-07-08 03:11:41 ----A---- C:\Windows\SysWOW64\instnm.exe
2010-07-08 03:11:30 ----A---- C:\Windows\SysWOW64\CPFilters.dll
2010-07-08 03:11:28 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2010-07-08 03:11:22 ----A---- C:\Windows\SysWOW64\quartz.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msyuv.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\msrle32.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2010-07-08 03:11:21 ----A---- C:\Windows\SysWOW64\avifil32.dll
2010-07-08 03:11:18 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2010-07-08 03:11:18 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2010-07-08 03:11:13 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\sspicli.dll
2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-07-08 03:11:12 ----A---- C:\Windows\SysWOW64\secur32.dll
2010-07-08 03:10:58 ----A---- C:\Windows\SysWOW64\msasn1.dll
2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\fontsub.dll
2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-07-08 03:10:57 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-07-08 03:10:54 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-07-08 03:10:49 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-07-08 03:10:48 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-07-08 03:10:46 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-07-08 03:10:45 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-07-08 02:39:56 ----D---- C:\ProgramData\Futuremark
2010-07-08 02:36:21 ----D---- C:\Users\Yo\AppData\Roaming\Windows Live Writer
2010-07-08 02:30:22 ----D---- C:\Program Files (x86)\Windows Live
2010-07-08 02:30:08 ----D---- C:\Windows\PCHEALTH
2010-07-08 02:28:47 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-07-08 02:28:26 ----D---- C:\Program Files (x86)\Microsoft
2010-07-08 02:27:51 ----A---- C:\Windows\SysWOW64\mfreadwrite.dll
2010-07-08 02:27:51 ----A---- C:\Windows\SysWOW64\mf.dll
2010-07-08 02:27:48 ----A---- C:\Windows\SysWOW64\WMVDECOD.DLL
2010-07-08 02:26:19 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2010-07-08 02:19:54 ----D---- C:\Program Files (x86)\Common Files\Futuremark Shared
2010-07-08 02:18:50 ----D---- C:\Program Files (x86)\Futuremark
2010-07-08 02:18:33 ----D---- C:\Windows\SysWOW64\AGEIA
2010-07-08 02:18:31 ----D---- C:\Program Files (x86)\AGEIA Technologies
2010-07-08 02:18:26 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-07-08 02:18:21 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-07-08 02:18:20 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-07-08 02:18:19 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-07-08 02:18:16 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-07-08 02:18:15 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-07-08 02:18:15 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-07-08 02:18:14 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-07-08 02:18:13 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-07-08 02:18:12 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-07-08 02:18:11 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-07-08 02:18:11 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-07-08 02:18:10 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-07-08 02:18:10 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-07-08 02:18:09 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-07-08 02:18:08 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-07-08 02:18:07 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-07-08 02:18:02 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-07-08 02:18:02 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-07-08 02:18:01 ----A---- C:\Windows\SysWOW64\d3dx9_31.dll
2010-07-08 02:18:00 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-07-08 02:17:59 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-07-08 02:17:59 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-07-08 02:17:58 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-07-08 02:17:57 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-07-08 02:17:47 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-07-08 02:17:45 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-07-08 02:17:42 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-07-08 02:17:41 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-07-08 02:17:41 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-07-08 02:17:39 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-07-08 02:12:43 ----A---- C:\Windows\SysWOW64\uxtuneup.dll
2010-07-08 02:12:43 ----A---- C:\Windows\SysWOW64\authuitu.dll
2010-07-08 02:12:31 ----D---- C:\Users\Yo\AppData\Roaming\TuneUp Software
2010-07-08 02:12:25 ----D---- C:\Program Files (x86)\TuneUp Utilities 2010
2010-07-08 02:12:05 ----D---- C:\ProgramData\TuneUp Software
2010-07-08 02:12:00 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-07-08 02:01:16 ----A---- C:\Windows\gdrv.sys
2010-07-08 01:58:55 ----D---- C:\Program Files (x86)\Microsoft Antimalware
2010-07-08 01:27:36 ----D---- C:\Program Files (x86)\EVEREST Ultimate Edition
2010-07-08 01:05:42 ----D---- C:\Windows\SysWOW64\RTCOM
2010-07-08 01:04:57 ----D---- C:\Program Files (x86)\Realtek
2010-07-08 01:04:54 ----HD---- C:\Program Files (x86)\Temp
2010-07-08 01:04:52 ----R---- C:\Windows\RtlExUpd.dll
2010-07-08 01:04:44 ----D---- C:\Users\Yo\AppData\Roaming\ATI
2010-07-08 01:04:44 ----D---- C:\ProgramData\ATI
2010-07-08 01:04:28 ----D---- C:\Windows\Panther
2010-07-08 01:00:58 ----RA---- C:\Windows\SysWOW64\CSVer.dll
2010-07-08 01:00:58 ----D---- C:\Program Files (x86)\Intel
2010-07-08 01:00:44 ----D---- C:\Intel
2010-07-08 01:00:23 ----HD---- C:\Program Files (x86)\DeviceVM
2010-07-08 00:56:12 ----D---- C:\ProgramData\InstallShield
2010-07-08 00:56:09 ----D---- C:\Program Files (x86)\Gigabyte
2010-07-08 00:56:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-08 00:55:51 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-07-08 00:54:49 ----A---- C:\Windows\IsUninst.exe
2010-07-08 00:54:25 ----D---- C:\Program Files (x86)\Common Files\ATI Technologies
2010-07-08 00:54:24 ----D---- C:\Program Files (x86)\ATI
2010-07-08 00:53:39 ----D---- C:\Program Files (x86)\ATI Technologies
2010-07-08 00:50:36 ----D---- C:\ATI
2010-07-08 00:50:18 ----A---- C:\Windows\GSetup.ini
2010-07-08 00:33:40 ----D---- C:\Users\Yo\AppData\Roaming\Xfire
2010-07-08 00:33:39 ----D---- C:\ProgramData\Xfire
2010-07-08 00:33:38 ----D---- C:\Program Files (x86)\Xfire
2010-07-08 00:21:00 ----D---- C:\Users\Yo\AppData\Roaming\Mumble
2010-07-08 00:20:49 ----D---- C:\Program Files (x86)\Mumble
2010-07-08 00:20:23 ----D---- C:\Users\Yo\AppData\Roaming\Macromedia
2010-07-08 00:20:23 ----D---- C:\Users\Yo\AppData\Roaming\Adobe
2010-07-08 00:18:26 ----D---- C:\Program Files (x86)\Adobe Photoshop CS4
2010-07-08 00:18:22 ----D---- C:\Program Files (x86)\Xtremsplit 1.2
2010-07-08 00:18:22 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-07-08 00:18:06 ----A---- C:\Windows\SysWOW64\cabview.dll
2010-07-08 00:17:39 ----SHD---- C:\Windows\Installer
2010-07-08 00:17:33 ----D---- C:\Program Files (x86)\Notepad++
2010-07-08 00:17:27 ----A---- C:\WPI_Log_2010.07.08_00.17.27.txt
2010-07-08 00:15:49 ----AD---- C:\WPI_Audio
2010-07-08 00:15:29 ----A---- C:\WPI_Log_2010.07.08_00.15.29.txt
2010-07-08 00:14:28 ----D---- C:\Users\Yo\AppData\Roaming\Identities
2010-07-08 00:13:25 ----SD---- C:\Users\Yo\AppData\Roaming\Microsoft
2010-07-08 00:13:25 ----D---- C:\Users\Yo\AppData\Roaming\Media Center Programs
2010-07-08 00:12:52 ----SHD---- C:\Recovery
2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Modèles
2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Menu Démarrer
2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Favoris
2010-07-08 00:12:52 ----SHD---- C:\ProgramData\Bureau
2010-07-08 00:08:32 ----D---- C:\Windows\SoftwareDistribution
2010-07-08 00:05:38 ----D---- C:\Windows\Prefetch
2010-07-08 00:05:18 ----ASH---- C:\pagefile.sys
2010-07-08 00:05:16 ----SHD---- C:\System Volume Information
2010-07-08 00:05:16 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2010-07-27 21:06:18 ----D---- C:\Windows\Temp
2010-07-27 15:01:13 ----RD---- C:\Program Files
2010-07-27 03:39:47 ----RD---- C:\Program Files (x86)
2010-07-27 03:39:46 ----HD---- C:\ProgramData
2010-07-27 01:11:35 ----D---- C:\Windows\SysWOW64\drivers
2010-07-26 12:02:47 ----SHD---- C:\$Recycle.Bin
2010-07-26 12:01:21 ----RSD---- C:\Windows\Fonts
2010-07-26 04:37:14 ----D---- C:\Windows\SysWOW64
2010-07-26 03:03:26 ----D---- C:\Windows\winsxs
2010-07-26 03:03:02 ----D---- C:\Program Files (x86)\Common Files
2010-07-23 19:40:58 ----D---- C:\Windows\inf
2010-07-23 19:38:10 ----D---- C:\Windows
2010-07-23 19:37:37 ----D---- C:\Windows\System32
2010-07-19 13:09:50 ----A---- C:\Windows\win.ini
2010-07-19 02:12:15 ----D---- C:\Windows\debug
2010-07-17 14:35:33 ----D---- C:\Windows\twain_32
2010-07-17 04:31:48 ----RSD---- C:\Windows\assembly
2010-07-17 04:28:17 ----D---- C:\Windows\Logs
2010-07-14 00:42:10 ----SD---- C:\ProgramData\Microsoft
2010-07-08 11:47:38 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-08 07:56:57 ----D---- C:\Windows\rescache
2010-07-08 04:20:26 ----D---- C:\Windows\Microsoft.NET
2010-07-08 03:47:34 ----D---- C:\Program Files (x86)\Windows Media Player
2010-07-08 03:47:30 ----D---- C:\Windows\AppPatch
2010-07-08 03:47:21 ----D---- C:\Windows\ehome
2010-07-08 03:47:13 ----D---- C:\Program Files (x86)\Internet Explorer
2010-07-08 03:47:10 ----D---- C:\Windows\SysWOW64\fr-FR
2010-07-08 03:47:08 ----D---- C:\Windows\SysWOW64\migration
2010-07-08 03:30:54 ----D---- C:\Windows\SysWOW64\en-US
2010-07-08 02:36:31 ----D---- C:\Windows\LiveKernelReports
2010-07-08 02:29:26 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-07-08 01:03:58 ----D---- C:\Windows\Setup
2010-07-08 00:56:08 ----D---- C:\Windows\Downloaded Program Files
2010-07-08 00:19:28 ----D---- C:\Windows\Tasks
2010-07-08 00:13:21 ----RD---- C:\Users
2010-07-08 00:06:15 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R1 afw;Agnitum Firewall Driver; C:\Windows\system32\DRIVERS\afw.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R1 SandBox;SandBox; \??\C:\Windows\system32\drivers\SandBox64.sys []
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys []
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys []
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys []
R2 cpuz134;cpuz134; \??\C:\Windows\system32\drivers\cpuz134_x64.sys []
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R3 afwcore;afwcore; C:\Windows\system32\drivers\afwcore.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 ASWFilt;ASWFilt; \??\C:\Windows\system32\Filt\ASWFilt64.dll []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys []
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [2010-03-31 26752]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-27 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
R3 vpcbus;Service de bus hôte Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys []
R3 vpcusb;Service du connecteur de virtualisation USB; C:\Windows\system32\DRIVERS\vpcusb.sys []
S3 aqx49e4f;aqx49e4f; C:\Windows\SysWOW64\drivers\aqx49e4f.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 Bulk;HDJBulk; C:\Windows\System32\Drivers\HDJBulk.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Yo\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 HDJAsioK;HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys []
S3 HDJMidi;Hercules DJ Console Rmx MIDI; C:\Windows\system32\DRIVERS\HDJMidi.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2009-04-24 14336]
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2009-04-24 18432]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\OUTPOS~1\acs.exe [2009-12-17 2373280]
R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 GEST Service;GEST Service for program management.; C:\Program Files (x86)\Gigabyte\EnergySaver\GSvr.exe [2009-07-30 68136]
R2 HerculesDJControlMP3;Hercules DJ Control MP3; C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 20480]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-08 75064]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-07-06 1403200]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-05-26 2290048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-06-17 395048]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TuneUp.Defrag;@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-07-08 607040]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

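As an added example (not from the thread and not part of the RSIT tool), a small Python parser for the driver and service lines of the report above, decoding them with the legend given in the section headers; the sample lines are copied from the report, and the "image under a user-writable directory" check is my own triage heuristic, a hint for a closer look rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Legend taken from the report's section headers:
# R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Heuristic (my own, not from the thread): directories a standard user can
# write to. A driver or service image here deserves a second look, although
# legitimate tools such as CPU-Z also drop their driver in Temp.
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming",
                 r"\users\public", r"\windows\temp")

# One report line: "<R|S><0-4> name;description; image [date size]"
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]*);([^;]*); (.*?) \[(.*)\]$")


@dataclass
class Entry:
    state: str        # Running / Stopped
    start: str        # Boot / System / Auto / Demand / Disabled
    name: str
    description: str
    image: str        # on-disk path of the driver or service binary
    stamp: str        # "date size" from the trailing brackets, or ""


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, image, stamp = m.groups()
    # RSIT prints some images with the NT object prefix "\??\"; strip it.
    if image.startswith("\\??\\"):
        image = image[4:]
    return Entry(STATE[state], START[start], name, desc, image, stamp)


def user_writable(entry: Entry) -> bool:
    low = entry.image.lower()
    return any(d in low for d in USER_WRITABLE)


def triage(report: str) -> List[Entry]:
    """Return the entries whose image lives in a user-writable directory."""
    entries = [e for e in (parse_line(l) for l in report.splitlines()) if e]
    return [e for e in entries if user_writable(e)]


# Sample lines copied from the report above (constructed subset for the demo).
SAMPLE = r"""
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x64.sys []
S3 cpuz130;cpuz130; \??\C:\Users\Yo\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-27 25640]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17424]
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"review: {e.name} ({e.state}/{e.start}) -> {e.image}")
```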

hi ;)

OK, the report is clean :) You should no longer be getting alerts from your firewall: let me know if that is indeed the case.

The site wawamania.eu is exactly the kind of site to avoid! For your information =>

What follows is not meant to lecture you, but rather to make you aware of the risks involved in using cracks/keygens/serials and P2P software (even though I don't see any P2P program on your PC ;) )

To convince yourself, read these very clear topics:

*Article by Malekal about cracks => Malekal's forum • Le danger des cracks ! : Sécurité : Prévention, virus & arnaques et dangers d'Internet

*Article by Ogu on misconceptions about peer-to-peer => img-103332veltm.jpg (click the image).

Infections spread through peer-to-peer are a real threat!! For example, the worm Worm.Win32_Sumom-A, an instant-messaging and peer-to-peer network worm, places itself in the incoming/Shared folder so that it gets sent to everyone who shares your downloads... => VirusTraQ - Informations Virus - Worm.Win32_Sumom-A

Now that you know, it's up to you... is it worth risking a serious infection (and putting your data at risk)? Most paid software has a freeware equivalent.

For virus/malware analysis purposes, we download a great many cracks: it turns out that almost all of them are malware. So be careful, because nothing is really free on the web!


Before letting you go, one very important thing!!

I see that your PC is not protected by an antivirus: it is therefore very vulnerable. Otherwise you risk a quick reinfection of the PC...

I advise you to install Antivir as soon as possible, as it is an effective product =>

- Download Antivir to the desktop.

- Install Antivir.

- Update Antivir and run a scan of the PC with Antivir as follows >>

Plug in all the removable media you own before running this scan (USB stick/external hard drive, etc.)

Double-click its icon next to the clock: this opens the main interface.

Then click "Contrôler syst." (scan system), to the right of "Dernier contrôle syst. intégral" (last full system scan).

/!\ This may take a while.

Save the report at the end (the "Rapport" button).

If Antivir detects infected files, quarantine them: choose "Déplacer en quarantaine" (move to quarantine) from the list of actions.

You can automate this kind of action by ticking the box "Appliquer la sélection à toutes les détections" (apply the selection to all detections).

img-215734c8f3z.png

This saves you from having to sit and watch it.
