Remove the worm.win32.VB.dz virus

Closed
toifelon - 14 May 2009 at 17:37
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 27 Nov 2009 at 09:46
Hello,

I have a problem with my external hard drive: it is infected with the worm.win32.VB.dz virus.
I ran a scan with Kaspersky, but it is unable to remove the virus.
Can anyone help me?

Thanks in advance.
14 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
14 May 2009 at 17:41
hi

do you have the Kaspersky report to share with us, please?

and

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised to the Taskbar).

NB: The reports are saved in the folder C:\rsit
1
Thanks for being so quick, jlpjlp, you're the best.
Here is the Kaspersky report:

14/05/2009 17:24:51 Lancement de la tâche
14/05/2009 17:24:54 Détectés: Worm.Win32.VB.dz F:\desktop.exe/PE_Patch.UPX/UPX
14/05/2009 17:25:04 Détectés: Worm.Win32.VB.dz F:\desktop2.exe
14/05/2009 17:25:13 Non réparés: Worm.Win32.VB.dz F:\desktop.exe/PE_Patch.UPX/UPX Reporté
14/05/2009 17:25:21 Non réparés: Worm.Win32.VB.dz F:\desktop2.exe Reporté


I will try your solution and keep you posted
1
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
14 May 2009 at 18:20
paste the RSIT report here in your next message
0
mariavasil Posts 3 Registered Wednesday 14 October 2009 Status Member Last activity 14 October 2009
14 Oct 2009 at 11:28
I have the same problem. McAfee detected the W32/VBNA.worm virus (two) and a file BIEDIIL.SRC on my external hard drive.
The external hard drive no longer appears as drive H but as a folder. This folder does not open when I click on it, but it does open with the right-click menu options, so I can still open my external hard drive.
A full scan had been run on my PC; nothing found.
I followed the advice above. Here is the report: info.txt logfile of random's system information tool 1.06 2009-10-14 10:46:45

0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
14 Oct 2009 at 11:53
and the other RSIT report?
0
HELLO, I HAVE THE SAME PROBLEM AND I HAVE THE 2 REPORTS.
CAN YOU HELP ME PLEASE
0
despite everything I have done, my drives are still shown as folders, and on another PC McAfee detects a virus, xalih.exe, generated by w32/vbna.worm
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 Nov 2009 at 09:08
OK, since nobody followed up. Paste the RSIT reports
0
and here they are


info.txt logfile of random's system information tool 1.06 2009-11-20 03:28:25


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-20 03:27:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 184 GB (78%) free of 237 GB
Total RAM: 1789 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:21, on 20/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\hid2ser.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Oracle\product\10.1.0\Client_1\bin\omtsreco.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\xalih.exe
C:\documents and settings\administrator\local settings\application data\oxhgoxf.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6HCVEDEX\RSIT[1].exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [xalih] C:\Documents and Settings\Administrator\xalih.exe
O4 - HKCU\..\Run: [MailBlocker] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [oxhgoxf] "c:\documents and settings\administrator\local settings\application data\oxhgoxf.exe" oxhgoxf
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D9455D0-1C97-4AEC-AA0F-84A6459D01E7}: NameServer = 194.2.0.20,194.2.0.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB7DB597-57A4-4C3C-ABBA-A589EC8051C0}: NameServer = 192.168.1.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HID2SER Dispatcher (HID2SER) - DESKO GmbH. - C:\WINDOWS\System32\hid2ser.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\Oracle\product\10.1.0\Client_1\bin\omtsreco.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 Nov. 2009 at 13:54
ok, you have quite a lot of them

Right-click on this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Choose "Save target (link) as..." and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole contents into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt)

_________________



• Download and install
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
https://www.androidworld.fr/

by Chiquitine29

(!) Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop.

• At the main menu, choose option " F " for French and press [Enter].

• At the second menu, choose option " 1 " (search) and press [Enter]

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
0
Here is the first report


Fix Navipromo version 4.0.5 commencé le 20/11/2009 10:48:14.85

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm)X2 Dual Core Mobile RM-70 )
BIOS : Default System BIOS
USER : Administrator ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 091023-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:231 Go (Free:179 Go)
D:\ (Local Disk) - FAT32 - Total:1 Go (Free:0 Go)
E:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:698 Go (Free:19 Go)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Program Files\Live-Player supprimé !
c:\docume~1\alluse~1\startm~1\programs\Live-Player supprimé !
C:\Documents and Settings\Administrator\applic~1\Live-Player supprimé !
c:\docume~1\alluse~1\desktop\Live-Player.lnk supprimé !
C:\WINDOWS\prefetch\oxhgoxf*.pf supprimé !
c:\docume~1\admini~1\locals~1\applic~1\oxhgoxf.exe supprimé !
c:\docume~1\admini~1\locals~1\applic~1\oxhgoxf.dat supprimé !
c:\docume~1\admini~1\locals~1\applic~1\oxhgoxf_nav.dat supprimé !
c:\docume~1\admini~1\locals~1\applic~1\oxhgoxf_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrator\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 20/11/2009 10:55:40.04 ***
0
and here is the second report



############################## | UsbFix V6.055 |

User : Administrator (Administrators) # FC-EMBARK1
Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 11:09:46 | 20/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm)X2 Dual Core Mobile RM-70
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1296 [VPS 091023-0] 4.8.1296 [ Enabled | (!) Outdated ]

C:\ -> Local Fixed Disk # 231.87 Go (180.75 Go free) # NTFS
D:\ -> Local Fixed Disk # 1 Go (857.95 Mo free) [HP_TOOLS] # FAT32
E:\ -> CD-ROM Disc
G:\ -> Local Fixed Disk # 698.64 Go (19.67 Go free) [SAM] # NTFS
H:\ -> Local Fixed Disk # 74.52 Go (12.81 Go free) # NTFS
I:\ -> Removable Disk # 967.2 Mo (114.36 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 636
C:\WINDOWS\system32\csrss.exe 696
C:\WINDOWS\system32\winlogon.exe 728
C:\WINDOWS\system32\services.exe 772
C:\WINDOWS\system32\lsass.exe 784
C:\WINDOWS\System32\svchost.exe 968
C:\WINDOWS\system32\Ati2evxx.exe 996
C:\WINDOWS\system32\svchost.exe 1020
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 1092
C:\WINDOWS\system32\svchost.exe 1172
C:\WINDOWS\System32\svchost.exe 1264
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1292
C:\WINDOWS\system32\svchost.exe 1340
c:\Program Files\ActivIdentity\ActivClient\acevents.exe 1388
C:\WINDOWS\system32\svchost.exe 1480
C:\WINDOWS\system32\Ati2evxx.exe 1564
C:\WINDOWS\system32\svchost.exe 1624
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1728
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1804
C:\WINDOWS\system32\spoolsv.exe 208
C:\WINDOWS\System32\SCardSvr.exe 244
C:\WINDOWS\Explorer.EXE 692
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe 700
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe 428
C:\WINDOWS\system32\svchost.exe 548
C:\WINDOWS\system32\msdtc.exe 1100
c:\Program Files\ActivIdentity\ActivClient\accoca.exe 1456
C:\WINDOWS\msc.exe 1496
C:\WINDOWS\system32\agrsmsvc.exe 1348
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 924
C:\Program Files\Bonjour\mDNSResponder.exe 1648
C:\WINDOWS\System32\hid2ser.exe 2076
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe 2088
C:\Oracle\product\10.1.0\Client_1\bin\omtsreco.exe 2152
C:\WINDOWS\system32\svchost.exe 2540
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 2700
C:\WINDOWS\system32\mqsvc.exe 2780
C:\WINDOWS\system32\ctfmon.exe 2840
C:\WINDOWS\system32\mqtgsvc.exe 3392
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 3452
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3488
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3536
C:\WINDOWS\System32\alg.exe 4020
C:\WINDOWS\system32\wbem\wmiprvse.exe 3024
C:\Program Files\iTunes\iTunesHelper.exe 1864
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 2772
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe 468
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 4160
C:\WINDOWS\system32\ctfmon.exe 4176
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 4200
C:\Documents and Settings\Administrator\xalih.exe 4332
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 4496
C:\Program Files\iPod\bin\iPodService.exe 4552
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe 4912
C:\Program Files\Internet Explorer\iexplore.exe 5052

################## | Fichiers # Dossiers infectieux |

C:\Documents and Settings\Administrator\autorun.inf
C:\WINDOWS\msa.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\System32\msxml71.dll
G:\autorun.inf
H:\autorun.inf
H:\autorun.ini
I:\autorun.inf
I:\sys
C:\Documents and Settings\Administrator\xalih.exe
C:\Documents and Settings\Administrator\xalih.scr
G:\xalih.exe
G:\xalih.scr
H:\xalih.exe
H:\xalih.scr
I:\xalih.exe
I:\xalih.scr

################## | Registre # Clés infectieuses |

[HKCU\SOFTWARE\MailBlocker]
[HKCU\SOFTWARE\XML]
[HKCU\software\microsoft\Windows\CurrentVersion\run] "xalih"
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MailBlocker"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "ms32dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
[HKLM\Software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
[HKCR\CLSID\{500BCA15-57A7-4EAF-8143-8C619470B13D}]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{3f8d903e-55f7-11de-9eb5-001f29b5f52a}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

HKCU\..\..\Explorer\MountPoints2\{74f48fd2-4505-11de-9e70-001f29b5f52a}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xALiH.exe

HKCU\..\..\Explorer\MountPoints2\{9a1a0bf6-a084-11de-9f6e-001f29b5f52a}
Shell\Auto\command =Start.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

HKCU\..\..\Explorer\MountPoints2\{a091515c-b508-11de-9f98-001f29b5f52a}
Shell\AutoRun\command =F:\WDSetup.exe

HKCU\..\..\Explorer\MountPoints2\{bab8fab2-04e1-11de-9e4e-001f29b5f52a}
Shell\Auto\command =F:\Start.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

HKCU\..\..\Explorer\MountPoints2\{c49727a0-8d64-11de-9f41-0021003bf7af}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{e9d129ff-d25f-11de-9fd6-001f29b5f52a}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL XAlIh.EXe

HKCU\..\..\Explorer\MountPoints2\{f42cb6c8-48ff-11de-9e7e-001f29b5f52a}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Xalih.EXE

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Contribute CS3\Contribute.exe"
26/04/2007 10:48 |Size 13904056 |Crc32 cc138944 |Md5 8874fd5639b7ed1eb415bc1035c38b32

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Dreamweaver CS3\Dreamweaver.exe"
26/04/2007 10:52 |Size 16087224 |Crc32 651330b4 |Md5 a1cc3853d5b588ea011b66344f83bb93

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Fireworks CS3\Fireworks.exe"
23/04/2006 19:22 |Size 27781792 |Crc32 16053930 |Md5 0315b069bc31d3b8dde7ede9b463ea56

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Flash CS3\Flash.exe"
26/04/2007 10:56 |Size 18847920 |Crc32 53f9671a |Md5 6123bd2b56c2c008d9569c92fba1f4c0

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe"
26/04/2007 10:43 |Size 20180648 |Crc32 0f8c481e |Md5 54f5bc3ddbf88c28676ae5f64ecd54f3

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Photoshop CS3\Photoshop.exe"
01/05/2007 12:08 |Size 44814336 |Crc32 87941229 |Md5 8bbffd6536ef589fc2d2820f6e377abd

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Cubase + plugs\Reverb collection (22 vst + dx reverb plugins)\Wave Arts Masterverb v3.02\crack.exe"
23/10/2003 14:43 |Size 908331 |Crc32 e42b29ac |Md5 7420ad19878d3e6755da759226d73b47

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\virtualdj 5.0 + Keygen\install_virtualdj_v5.0.exe"
02/10/2008 14:48 |Size 10691444 |Crc32 e8d0bc68 |Md5 92e43f7960b04a41e3f868a13fac9605

"C:\Oracle\product\10.1.0\Client_1\jdk\bin\serialver.exe"
17/09/2003 20:58 |Size 28798 |Crc32 95a182e9 |Md5 af68d7f43bbc6b05443a05fb526c50a5

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Arkaos\ArKaos_VJ_v3.6.1_FC2_KeygenAiR.zip"
Contain : ArKaos.VJ.v3.6.1.FC2.Incl.Keygen-AiR\keygen.exe


################## | ! Fin du rapport # UsbFix V6.055 ! |
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 Nov. 2009 at 18:10
IT IS NOT FINISHED!

(!) Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop

• At the main menu, choose option " F " for French and press [Enter].

• At the second menu, choose option " 2 " ( Removal ) and press [Enter]

• Your desktop will disappear and the PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that will appear with the desktop.

• Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

________________________


scan with Malwarebytes: run a quick scan, paste the resulting report and remove what is found:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_______________________


update Internet Explorer
for XP
http://download.microsoft.com/...

for VISTA:
http://download.microsoft.com/download/5/9/8/598CDBFA-4C11-45BA-8283-91439C7B8E5B/IE8-WindowsVista-x86-FRA.exe

_____________

update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

or switch to an alternative reader, which will avoid the viruses that circulate via PDFs, such as Foxit Reader (do not install the Foxit, Ask, eBay... toolbars)

https://www.commentcamarche.net/telecharger/bureautique/10297-foxit-pdf-reader/


______________________
post an RSIT report again and say whether there are still problems
0
sorry for the late reply
after doing your removal operation, a zip folder was created on the desktop, and in this zip there was this usbfix.txt file; here is the report


############################## | UsbFix V6.055 |

User : Administrator (Administrators) # FC-EMBARK1
Update on 18/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 20:42:35 | 23/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Turion(tm)X2 Dual Core Mobile RM-70
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1296 [VPS 091023-0] 4.8.1296 [ Enabled | (!) Outdated ]

C:\ -> Local Fixed Disk # 231.87 Go (180.71 Go free) # NTFS
D:\ -> Local Fixed Disk # 1 Go (857.95 Mo free) [HP_TOOLS] # FAT32
E:\ -> CD-ROM Disc
H:\ -> Local Fixed Disk # 74.52 Go (12.81 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 628
C:\WINDOWS\system32\csrss.exe 696
C:\WINDOWS\system32\winlogon.exe 732
C:\WINDOWS\system32\services.exe 780
C:\WINDOWS\system32\lsass.exe 792
C:\WINDOWS\System32\svchost.exe 968
C:\WINDOWS\system32\Ati2evxx.exe 1020
C:\WINDOWS\system32\svchost.exe 1052
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe 1140
C:\WINDOWS\system32\svchost.exe 1188
C:\WINDOWS\System32\svchost.exe 1312
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 1356
C:\WINDOWS\system32\svchost.exe 1484
c:\Program Files\ActivIdentity\ActivClient\acevents.exe 1496
C:\WINDOWS\system32\Ati2evxx.exe 1568
C:\WINDOWS\system32\svchost.exe 1716
C:\WINDOWS\system32\svchost.exe 1820
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1880
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1948
C:\WINDOWS\system32\spoolsv.exe 348
C:\WINDOWS\System32\SCardSvr.exe 444
C:\WINDOWS\system32\WgaTray.exe 900
C:\Program Files\Alwil Software\Avast4\setup\avast.setup 1300
C:\WINDOWS\Explorer.EXE 1196
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe 1384
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe 2452
C:\WINDOWS\system32\svchost.exe 2492
C:\WINDOWS\system32\msdtc.exe 2572
C:\WINDOWS\msd.exe 2668
c:\Program Files\ActivIdentity\ActivClient\accoca.exe 2760
C:\WINDOWS\system32\agrsmsvc.exe 2784
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2824
C:\Program Files\Bonjour\mDNSResponder.exe 2848
C:\WINDOWS\System32\hid2ser.exe 2912
C:\WINDOWS\system32\ctfmon.exe 2976
C:\WINDOWS\system32\ctfmon.exe 3252
C:\Oracle\product\10.1.0\Client_1\bin\omtsreco.exe 3308
C:\WINDOWS\system32\svchost.exe 3416
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 3492
C:\WINDOWS\system32\wuauclt.exe 3512
C:\WINDOWS\system32\mqsvc.exe 3556
C:\WINDOWS\system32\mqtgsvc.exe 3836
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 3896
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3936
C:\WINDOWS\system32\wbem\wmiprvse.exe 3944
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3968
C:\WINDOWS\system32\wbem\wmiprvse.exe 676
C:\WINDOWS\System32\alg.exe 808

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Documents and Settings\Administrator\autorun.inf
Supprimé ! C:\WINDOWS\msa.exe
Supprimé ! C:\WINDOWS\msb.exe
Supprimé ! C:\WINDOWS\System32\msxml71.dll
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\f.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\g.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\h.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\i.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\j.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\k.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\l.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\m.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\n.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\o.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\p.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\q.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\r.exe
Supprimé ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\s.exe
Supprimé ! H:\autorun.inf
Supprimé ! H:\a.bat
Supprimé ! C:\Documents and Settings\Administrator\xalih.exe
Supprimé ! C:\Documents and Settings\Administrator\xalih.scr
Supprimé ! H:\xalih.exe
Supprimé ! H:\xalih.scr

################## | Registre # Clés infectieuses |

Supprimé ! [HKCU\SOFTWARE\MailBlocker]
Supprimé ! [HKCU\SOFTWARE\XML]
Supprimé ! [HKCU\software\microsoft\Windows\CurrentVersion\run] "xalih"
Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MailBlocker"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "ms32dll"
Supprimé ! [HKLM\Software\Classes\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D}]

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{3f8d903e-55f7-11de-9eb5-001f29b5f52a}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9a1a0bf6-a084-11de-9f6e-001f29b5f52a}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a091515c-b508-11de-9f98-001f29b5f52a}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{bab8fab2-04e1-11de-9e4e-001f29b5f52a}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c49727a0-8d64-11de-9f41-0021003bf7af}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{e9d129ff-d25f-11de-9fd6-001f29b5f52a}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f42cb6c8-48ff-11de-9e7e-001f29b5f52a}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[19/12/2008 00:24|-rahs----|223] C:\boot.ini
[20/11/2009 10:55|--a------|1787] C:\cleannavi.txt
[06/07/2009 13:10|--a------|3045754] C:\ComboFix.exe
[20/05/2009 13:05|---hs----|72] C:\desktop.ini
[?|?|?] C:\hiberfil.sys
[23/11/2009 20:41|--a------|191724] C:\hid2ser.log
[19/07/2009 11:15|--a------|4669797] C:\ICS_Dx32.exe
[26/08/2009 21:04|-rahs----|0] C:\IO.SYS
[26/08/2009 21:04|-rahs----|0] C:\MSDOS.SYS
[04/08/2004 00:00|--ahs----|47564] C:\ntdetect.com
[06/07/2009 06:10|--ahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[06/07/2009 13:30|--a------|903392] C:\spywarefighter.exe
[06/07/2009 14:56|--a------|10612621] C:\TrueSword5.exe
[23/11/2009 20:59|--a------|6222] C:\UsbFix.txt
[06/07/2009 14:44|--a------|13601528] C:\virusfighter_en.exe
[20/05/2009 14:05|---hs----|72] D:\desktop.ini
[04/04/2005 03:46|--a------|609] H:\autoAlbum.log
[28/08/2009 11:31|--a------|43] H:\autorun.iid
[28/08/2009 11:31|--a------|43] H:\autorun.old
[05/03/2005 01:20|-rahs----|216] H:\boot.ini
[05/08/2004 00:00|-rahs----|4952] H:\Bootfont.bin
[18/06/2009 19:37|--a------|55781] H:\crewbymaning.pdf
[23/06/2009 03:01|--a------|36486] H:\crewbynameman.pdf
[24/08/2006 09:57|--a------|0] H:\data.txt
[01/12/2006 04:29|---hs----|72] H:\desktop.ini
[17/06/2009 19:56|--a------|33408] H:\disembarking pqssenger.pdf
[23/06/2009 03:12|--a------|61853] H:\disembarking.pdf
[23/11/2009 20:38|--a------|287] H:\Documents .lnk
[22/06/2009 18:49|--a------|36727] H:\embarking.pdf
[06/02/2004 08:19|-ra------|16384] H:\hpqimgrc.resources.dll
[08/02/2005 09:35|-rahs----|0] H:\IO.SYS
[07/06/2009 02:39|--a------|77690152] H:\iTunesSetup.exe
[08/02/2005 09:35|-rahs----|0] H:\MSDOS.SYS
[23/11/2009 20:38|--a------|287] H:\Music .lnk
[23/11/2009 20:38|--a------|287] H:\New Folder .lnk
[05/08/2004 00:00|-rahs----|47564] H:\ntdetect.com
[05/08/2004 00:00|-rahs----|251712] H:\ntldr
[23/06/2009 03:09|--a------|60078] H:\on arrivalname.pdf
[23/11/2009 20:38|--a------|287] H:\Passwords .lnk
[16/06/2009 17:06|--a------|51819] H:\paxbycabin.pdf
[23/11/2009 20:38|--a------|287] H:\Pictures .lnk
[24/06/2005 10:59|--a------|503] H:\rpcddx.txt
[04/09/2003 03:18|--a------|15908864] H:\Résolution incidents.doc
[06/10/2004 18:08|--a------|189] H:\sedinst2.log
[17/10/2009 13:28|--a------|705] H:\Shortcut to dossier perso.lnk
[22/03/2008 02:55|---hs----|94208] H:\Start.exe
[06/10/2004 17:50|--a------|22562] H:\sunjava.log
[23/06/2009 03:12|--a------|35729] H:\transit.pdf
[27/08/2006 18:19|--a------|0] H:\uniq
[23/11/2009 20:38|--a------|287] H:\Video .lnk
[25/08/2009 16:35|--a------|204531] H:\VirtualDJ Local Database v5.xml
[08/02/2005 10:09|--a------|1193] H:\_Sid.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Contribute CS3\Contribute.exe"
26/04/2007 10:48 |Size 13904056 |Crc32 cc138944 |Md5 8874fd5639b7ed1eb415bc1035c38b32

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Dreamweaver CS3\Dreamweaver.exe"
26/04/2007 10:52 |Size 16087224 |Crc32 651330b4 |Md5 a1cc3853d5b588ea011b66344f83bb93

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Fireworks CS3\Fireworks.exe"
23/04/2006 19:22 |Size 27781792 |Crc32 16053930 |Md5 0315b069bc31d3b8dde7ede9b463ea56

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Flash CS3\Flash.exe"
26/04/2007 10:56 |Size 18847920 |Crc32 53f9671a |Md5 6123bd2b56c2c008d9569c92fba1f4c0

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe"
26/04/2007 10:43 |Size 20180648 |Crc32 0f8c481e |Md5 54f5bc3ddbf88c28676ae5f64ecd54f3

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Adobe CS3 Master\Crack Adobe CS3\Adobe Photoshop CS3\Photoshop.exe"
01/05/2007 12:08 |Size 44814336 |Crc32 87941229 |Md5 8bbffd6536ef589fc2d2820f6e377abd

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Cubase + plugs\Reverb collection (22 vst + dx reverb plugins)\Wave Arts Masterverb v3.02\crack.exe"
23/10/2003 14:43 |Size 908331 |Crc32 e42b29ac |Md5 7420ad19878d3e6755da759226d73b47

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\virtualdj 5.0 + Keygen\install_virtualdj_v5.0.exe"
02/10/2008 14:48 |Size 10691444 |Crc32 e8d0bc68 |Md5 92e43f7960b04a41e3f868a13fac9605

"C:\Oracle\product\10.1.0\Client_1\jdk\bin\serialver.exe"
17/09/2003 20:58 |Size 28798 |Crc32 95a182e9 |Md5 af68d7f43bbc6b05443a05fb526c50a5

"C:\Documents and Settings\Administrator\Desktop\sauvegarde\LOGICIEL\Arkaos\ArKaos_VJ_v3.6.1_FC2_KeygenAiR.zip"
Contain : ArKaos.VJ.v3.6.1.FC2.Incl.Keygen-AiR\keygen.exe
0
sorry for the late reply
after your removal operation was done, a zip folder was created on the desktop, and in that zip there was this usbfix.txt file, and here is the report


0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
24 Nov. 2009 at 10:17
ok, do the rest of what was given
0
ok, it's done and it worked... no more viruses... Thanks a lot
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
25 Nov. 2009 at 13:00
do you have the reports so we can check?
0
and here is the report...


Fix Navipromo version 4.0.5 commencé le 25/11/2009 22:19:05.46

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.11.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Turion(tm)X2 Dual Core Mobile RM-70 )
BIOS : Default System BIOS
USER : Administrator ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 091124-0] 4.8.1296 (Not Activated)


C:\ (Local Disk) - NTFS - Total:231 Go (Free:180 Go)
D:\ (Local Disk) - FAT32 - Total:1 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
G:\ (Local Disk) - NTFS - Total:465 Go (Free:168 Go)
H:\ (Local Disk) - NTFS - Total:698 Go (Free:15 Go)


Recherche executée en mode normal


Aucune Infection Navipromo/Egdaccess trouvée



*** Scan terminé 25/11/2009 22:19:31.53 ***
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
26 Nov. 2009 at 11:45
that is not what was asked for!
0
I don't know where the report I'm supposed to send you is located... otherwise I followed your instructions to the letter... I'm happy to send you the report, but where should I look for it??
0
here is the report...

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3221
Windows 5.1.2600 Service Pack 3

23/11/2009 21:42:36
mbam-log-2009-11-23 (21-42-36).txt

Type de recherche: Examen rapide
Eléments examinés: 110116
Temps écoulé: 7 minute(s), 2 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
C:\Documents and Settings\Administrator\Local Settings\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\msd.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mailblocker (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Administrator\Local Settings\Temp\b.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
27 Nov. 2009 at 09:46
ok, do the rest
0