My computer is slow

akme23 Posts 4 Status Member -  
jfkpresident Posts 13877 Status Security contributor -
Hello, my computer is slow; here is the log made with RSIT. Thanks in advance.



Logfile of random's system information tool 1.08 (written by random/random)
Run by acrid at 2011-06-28 19:08:42
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 11 GB (12%) free of 93 GB
Total RAM: 2943 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:08:46, on 28/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
E:\Program Files\Creative\Shared Files\CTDevSrv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
E:\WINDOWS\system32\nvsvc32.exe
e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Hotspot Shield\bin\openvpntray.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\firefox.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Hotspot Shield\bin\openvpn.exe
E:\Documents and Settings\acrid\Desktop\RSIT.exe
E:\Program Files\trend micro\acrid.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.gooofullsearch.com/bar
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61495
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll
O3 - Toolbar: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G520] E:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScratchAmp] E:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [HKCU] E:\WINDOWS\msn\msn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll
O9 - Extra 'Tools' menuitem: Free software Gooofull toolbar - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS3\Services\Tcpip\..\{222AE077-0E75-4848-A324-0FECA1270ED2}: NameServer = 10.29.0.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - E:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - E:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - E:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7292 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AdobeAAMUpdater-1.0-ACRIDTPR38-acrid.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - E:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2011-05-25 233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
TBSB07458 Class - E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll [2010-06-18 2604032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - Free software Gooofull toolbar - E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll [2010-06-18 2604032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G520"=E:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe [2008-10-07 1331200]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2008-08-01 13529088]
"ScratchAmp"=E:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe [2004-11-18 1363968]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2008-08-01 86016]
"TaskTray"= []
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"=E:\WINDOWS\msn\msn.exe [2006-02-20 289792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
E:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
E:\WINDOWS\msn\msn.exe [2006-02-20 289792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
E:\WINDOWS\msn\msn.exe [2006-02-20 289792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
E:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
E:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - E:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"E:\Program Files\Skype\Plugin Manager\skypePM.exe"="E:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\SoulseekNS\slsk.exe"="E:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"
"E:\WINDOWS\Temp\~os55.tmp\rlvknlg.exe"="E:\WINDOWS\Temp\~os55.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"E:\Program Files\Spotify\spotify.exe"="E:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"e:\program files\relevantknowledge\rlvknlg.exe"="e:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"E:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="E:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"E:\Documents and Settings\acrid\Application Data\Dropbox\bin\Dropbox.exe"="E:\Documents and Settings\acrid\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"E:\Program Files\Google\Google Earth\plugin\geplugin.exe"="E:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"E:\Program Files\Hotspot Shield\bin\openvpntray.exe"="E:\Program Files\Hotspot Shield\bin\openvpntray.exe:*:Enabled:Hotspot Shield Launch"
"C:\Program Files\aircrack-ng-1.1-win\bin\buddy-ng.exe"="C:\Program Files\aircrack-ng-1.1-win\bin\buddy-ng.exe:*:Disabled:buddy-ng"
"E:\Program Files\cacaoweb\cacaoweb.exe"="E:\Program Files\cacaoweb\cacaoweb.exe:*:Disabled:cacaoweb"
"E:\Program Files\eMule\emule.exe"="E:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"E:\Program Files\IP Hider\IP Hider.exe"="E:\Program Files\IP Hider\IP Hider.exe:*:Disabled:IP Hider"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "E:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 3 months======

2011-06-28 19:05:55 ----D---- E:\rsit
2011-06-28 19:05:55 ----D---- E:\Program Files\trend micro
2011-06-28 18:25:15 ----D---- E:\Documents and Settings\All Users\Application Data\hssff
2011-06-28 18:02:28 ----D---- E:\Documents and Settings\acrid\Application Data\PropMgrAsync
2011-06-28 18:02:28 ----D---- E:\Documents and Settings\acrid\Application Data\PlayerPlug
2011-06-28 18:02:24 ----D---- E:\Documents and Settings\acrid\Application Data\Toolbar4
2011-06-28 18:00:54 ----D---- E:\Program Files\Hotspot Shield 1.10
2011-06-28 17:49:21 ----D---- E:\Program Files\Hotspot Shield
2011-06-28 17:38:53 ----A---- E:\WINDOWS\system32\PCProxyOff.ini
2011-06-28 17:24:42 ----D---- E:\Documents and Settings\acrid\Application Data\GetRightToGo
2011-06-28 13:34:04 ----A---- E:\WINDOWS\system32\muweb.dll
2011-06-28 13:34:04 ----A---- E:\WINDOWS\system32\mucltui.dll.mui
2011-06-28 13:34:04 ----A---- E:\WINDOWS\system32\mucltui.dll
2011-06-16 17:47:40 ----HDC---- E:\WINDOWS\$NtUninstallKB2530548$
2011-06-16 17:47:31 ----HDC---- E:\WINDOWS\$NtUninstallKB2476490$
2011-06-16 17:47:26 ----HDC---- E:\WINDOWS\$NtUninstallKB2503665$
2011-06-16 17:47:19 ----HDC---- E:\WINDOWS\$NtUninstallKB2535512$
2011-06-16 17:47:13 ----HDC---- E:\WINDOWS\$NtUninstallKB2536276$
2011-06-16 17:47:05 ----HDC---- E:\WINDOWS\$NtUninstallKB2544893$
2011-06-16 14:12:15 ----D---- E:\Documents and Settings\acrid\Application Data\Creative
2011-06-16 14:08:44 ----D---- E:\Documents and Settings\All Users\Application Data\Creative
2011-06-16 14:08:38 ----HD---- E:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
2011-06-16 14:07:42 ----D---- E:\Program Files\Creative
2011-06-16 14:07:38 ----HD---- E:\Documents and Settings\All Users\Application Data\{C17AF33A-CB54-4FE4-B040-6A7B33EE90D2}
2011-06-15 17:38:23 ----D---- E:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2011-06-10 20:28:21 ----D---- E:\Program Files\Driver-Soft
2011-06-09 13:40:22 ----N---- E:\WINDOWS\system32\spmsg.dll
2011-06-08 01:10:30 ----HDC---- E:\WINDOWS\$NtUninstallWMFDist11$
2011-06-06 18:57:26 ----D---- E:\Documents and Settings\acrid\Application Data\Daichi
2011-05-25 01:40:12 ----A---- E:\WINDOWS\system32\drivers\HssDrv.sys
2011-05-13 17:10:17 ----D---- E:\Documents and Settings\acrid\Application Data\Nokia
2011-05-13 17:10:15 ----D---- E:\Documents and Settings\acrid\Application Data\PC Suite
2011-05-13 17:10:14 ----D---- E:\Documents and Settings\All Users\Application Data\PC Suite
2011-05-13 17:09:39 ----D---- E:\Program Files\DIFX
2011-05-13 17:09:38 ----A---- E:\WINDOWS\system32\drivers\pccsmcfd.sys
2011-05-13 17:09:32 ----D---- E:\Program Files\PC Connectivity Solution
2011-05-13 17:09:20 ----D---- E:\Program Files\Nokia
2011-05-13 17:09:20 ----A---- E:\WINDOWS\system32\nmwcdcls.dll
2011-05-13 17:08:02 ----D---- E:\Documents and Settings\All Users\Application Data\Installations
2011-05-08 16:50:32 ----D---- E:\Program Files\Pro-53
2011-05-06 19:11:09 ----D---- E:\Documents and Settings\acrid\Application Data\Google
2011-05-06 19:07:35 ----D---- E:\Program Files\Google
2011-05-02 21:23:50 ----A---- E:\WINDOWS\unvise32.exe
2011-05-02 21:09:37 ----HDC---- E:\Documents and Settings\All Users\Application Data\{E2B9164D-2E80-4C7D-8C03-CFD60FA556BC}
2011-05-02 21:09:27 ----D---- E:\Program Files\Common Files\Digidesign
2011-05-02 21:08:04 ----HDC---- E:\Documents and Settings\All Users\Application Data\{BE48917A-8173-4C25-A322-B40C9D2FDD69}
2011-05-02 21:07:54 ----D---- E:\Program Files\Lexicon
2011-04-21 01:09:44 ----HDC---- E:\Documents and Settings\All Users\Application Data\{4A818508-3355-4FBC-B302-D53B599DD9D5}
2011-04-21 01:08:50 ----HDC---- E:\Documents and Settings\All Users\Application Data\{2C41B757-F5D0-44F9-A206-EEB9CD973927}
2011-04-15 13:50:35 ----HDC---- E:\WINDOWS\$NtUninstallKB2485663$
2011-04-15 13:50:30 ----HDC---- E:\WINDOWS\$NtUninstallKB2510581$
2011-04-15 13:50:25 ----HDC---- E:\WINDOWS\$NtUninstallKB2506223$
2011-04-15 13:50:22 ----HDC---- E:\WINDOWS\$NtUninstallKB2412687$
2011-04-15 13:48:21 ----HDC---- E:\WINDOWS\$NtUninstallKB2508272$
2011-04-15 13:48:18 ----HDC---- E:\WINDOWS\$NtUninstallKB2503658$
2011-04-15 13:48:14 ----HDC---- E:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 13:48:08 ----HDC---- E:\WINDOWS\$NtUninstallKB2497640$
2011-04-15 13:48:04 ----HDC---- E:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 13:48:00 ----HDC---- E:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 13:47:54 ----HDC---- E:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 13:42:07 ----HDC---- E:\WINDOWS\$NtUninstallKB2509553$
2011-04-03 19:57:49 ----D---- E:\Program Files\Popims

======List of files/folders modified in the last 3 months======

2011-06-28 19:05:55 ----D---- E:\Program Files
2011-06-28 18:47:29 ----D---- E:\WINDOWS\Temp
2011-06-28 18:47:28 ----D---- E:\WINDOWS\system32\CatRoot2
2011-06-28 18:39:17 ----A---- E:\WINDOWS\SchedLgU.Txt
2011-06-28 18:22:16 ----D---- E:\WINDOWS
2011-06-28 18:01:45 ----HD---- E:\WINDOWS\inf
2011-06-28 18:01:45 ----D---- E:\WINDOWS\system32\drivers
2011-06-28 17:51:38 ----D---- E:\Hotspot Shield
2011-06-28 17:46:39 ----D---- E:\WINDOWS\system32
2011-06-28 17:40:06 ----D---- E:\Documents and Settings\acrid\Application Data\uTorrent
2011-06-28 17:28:06 ----RSD---- E:\WINDOWS\Fonts
2011-06-28 17:27:37 ----D---- E:\Program Files\PokerStars.FR
2011-06-28 17:27:03 ----D---- E:\Program Files\Full Tilt Poker.Fr
2011-06-28 16:20:00 ----D---- E:\WINDOWS\Prefetch
2011-06-28 15:48:21 ----D---- E:\WINDOWS\Microsoft.NET
2011-06-28 15:48:20 ----RSD---- E:\WINDOWS\assembly
2011-06-28 15:48:11 ----SHD---- E:\WINDOWS\Installer
2011-06-28 15:48:10 ----SHD---- E:\Config.Msi
2011-06-28 15:47:56 ----D---- E:\WINDOWS\WinSxS
2011-06-28 15:45:48 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2011-06-28 15:45:04 ----D---- E:\Program Files\Microsoft SQL Server
2011-06-28 15:43:26 ----D---- E:\WINDOWS\Registration
2011-06-28 15:40:16 ----A---- E:\WINDOWS\win.ini
2011-06-28 15:38:31 ----D---- E:\Program Files\Microsoft Works
2011-06-28 15:38:18 ----D---- E:\Program Files\Common Files\Microsoft Shared
2011-06-28 13:31:40 ----D---- E:\Program Files\Microsoft Silverlight
2011-06-28 02:42:59 ----D---- E:\Documents and Settings\All Users\Application Data\Soulseek
2011-06-27 21:57:43 ----D---- E:\Documents and Settings\acrid\Application Data\Skype
2011-06-26 16:53:57 ----D---- E:\Documents and Settings\acrid\Application Data\skypePM
2011-06-17 17:03:49 ----D---- E:\WINDOWS\Debug
2011-06-17 17:00:04 ----SD---- E:\Documents and Settings\acrid\Application Data\Microsoft
2011-06-16 17:47:50 ----A---- E:\WINDOWS\system32\MRT.exe
2011-06-16 17:47:44 ----RSHDC---- E:\WINDOWS\system32\dllcache
2011-06-16 17:47:25 ----HD---- E:\WINDOWS\$hf_mig$
2011-06-11 20:01:37 ----D---- E:\back up
2011-06-10 21:18:22 ----D---- E:\WINDOWS\Minidump
2011-06-10 20:37:30 ----D---- E:\Program Files\Xvid
2011-06-09 13:41:22 ----D---- E:\WINDOWS\system32\CatRoot
2011-06-08 01:11:35 ----D---- E:\Program Files\Sony
2011-06-08 01:10:36 ----D---- E:\WINDOWS\system32\drivers\UMDF
2011-06-08 01:10:36 ----D---- E:\Program Files\Windows Media Player
2011-06-06 21:39:04 ----D---- E:\Program Files\Vstplugins
2011-06-06 21:38:58 ----D---- E:\Program Files\vst plugins
2011-06-06 18:58:45 ----D---- E:\Program Files\FL09studio
2011-06-04 23:27:02 ----D---- E:\Documents and Settings\acrid\Application Data\U3
2011-05-30 15:42:51 ----A---- E:\WINDOWS\system32\xvidvfw.dll
2011-05-23 09:46:31 ----A---- E:\WINDOWS\system32\xvidcore.dll
2011-05-20 16:53:28 ----D---- E:\Program Files\Common Files
2011-05-20 16:53:09 ----DC---- E:\WINDOWS\system32\DRVSTORE
2011-05-06 19:07:49 ----SD---- E:\WINDOWS\Tasks
2011-05-02 17:31:52 ----A---- E:\WINDOWS\system32\inetcomm.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\wininet.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\urlmon.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\shdocvw.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\mstime.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\mshtmled.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\mshtml.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\iepeers.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\ieencode.dll
2011-04-25 16:47:19 ----A---- E:\WINDOWS\system32\browseui.dll
2011-04-21 01:09:03 ----D---- E:\Program Files\Native Instruments
2011-04-21 01:09:03 ----D---- E:\Program Files\Common Files\Native Instruments
2011-04-21 01:09:03 ----D---- E:\Documents and Settings\All Users\Application Data\Native Instruments
2011-04-04 09:39:24 ----D---- E:\Program Files\uTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; E:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; E:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 nvgts;nvgts; E:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; E:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; E:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sptd;sptd; E:\WINDOWS\System32\Drivers\sptd.sys [2010-12-01 722416]
R1 kbdhid;Keyboard HID Driver; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 ANIO;ANIO Service; \??\E:\WINDOWS\system32\ANIO.SYS []
R3 AR5211;Atheros Wireless Network Adapter Service; E:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-07-30 583915]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CLEDX;Team H2O CLEDX service; E:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 fs2_1394;fs2_1394; E:\WINDOWS\System32\Drivers\fs2_1394.sys [2004-11-18 71936]
R3 fs2_avs;fs2_avs; E:\WINDOWS\System32\Drivers\fs2_avs.sys [2004-11-18 24576]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HssDrv;Hotspot Shield Helper Miniport; E:\WINDOWS\system32\DRIVERS\HssDrv.sys [2011-05-25 37376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-01 6555104]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 taphss;Anchorfree HSS Adapter; E:\WINDOWS\system32\DRIVERS\taphss.sys [2011-05-25 32768]
R3 usbaudio;USB Audio Driver (WDM); E:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 61883;61883 Unit Device; E:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); E:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-25 547744]
S3 Avc;AVC Device; E:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; E:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 pccsmcfd;PCCS Mode Change Filter Driver; E:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 tap0901;TAP-Win32 Adapter V9; E:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-11-20 25984]
S3 tapvpn;TAP VPN Adapter; E:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 usbstor;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; E:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; E:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWZCSdService;ANIWZCSd Service; E:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
R2 CTDevice_Srv;CT Device Query service; E:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 hshld;Hotspot Shield Service; E:\Program Files\Hotspot Shield\bin\openvpnas.exe [2011-06-03 298824]
R2 HssSrv;Hotspot Shield Routing Service; E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-05-25 363336]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2010-08-11 153376]
R2 MDM;Machine Debug Manager; E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$RADIONOMY536765;SQL Server (RADIONOMY536765); e:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NIHardwareService;NIHardwareService; E:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-03-09 3857408]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2008-08-01 159812]
R2 SQLBrowser;SQL Server Browser; e:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; e:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
S2 gupdate;Service Google Update (gupdate); E:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-06 136176]
S2 HssWd;Hotspot Shield Monitoring Service; E:\Program Files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-08-04 72704]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CTUPnPSv;Creative Centrale Media Server; E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Google Update Service (gupdatem); E:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-06 136176]
S3 HssTrayService;Hotspot Shield Tray Service; E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2011-06-03 63976]
S3 idsvc;Windows CardSpace; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; e:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; E:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; E:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

4 replies

jfkpresident Posts 13877 Status Security contributor 1 175
 
Good evening,

You are the victim of a DNS infection.

For more detail, do this:

Download ZhpDiag by Nicolas Coolman.

Once the download has finished, double-click ZHPDiag.exe (right-click, "Run as administrator" for Vista/7).

Once installed, the program opens automatically.

Click the magnifying glass to start the scan.

At the end of the scan, click the "floppy disk" (save as...).

Go to this site: http://www.cijoint.fr/index.php or this one: http://pjjoint.malekal.com/

Click Browse and select the file ZhpDiag.txt (a help page, just in case)

A link will be created; post this link in your next reply.
1
akme23
 
http://www.cijoint.fr/cjlink.php?file=cj201106/cijLgRcmcY.txt
0
akme23
 
Hello, and thanks for the help. Here is the link obtained with ZHPDiag via cijoint.fr

http://www.cijoint.fr/cjlink.php?file=cj201106/cijLgRcmcY.txt

Thanks again
0
jfkpresident Posts 13877 Status Security contributor 1 175
 
Copy the lines below in bold to the clipboard (select them with the mouse and press Ctrl and C at the same time)

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
M2 - MFEP: prefs.js [acrid - au391cvb.default\[email protected]] [] cacaoweb v1.0.15 (.http://www.cacaoweb.org/
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61495
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Unknown owner - IE Toolbar Engine.) -- E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll
O4 - HKLM\..\Run: [HKLM] . (...) -- E:\WINDOWS\msn\msn.exe
O4 - HKCU\..\Run: [HKCU] . (...) -- E:\WINDOWS\msn\msn.exe
O4 - HKUS\S-1-5-21-1343024091-1303643608-1801674531-1004\..\Run: [HKCU] . (...) -- E:\WINDOWS\msn\msn.exe
[HKCU\Software\Grand Virtual]
[HKCU\Software\Spointer]
[HKCU\Software\cacaoweb]
[HKLM\Software\CrazyLoader]
[HKLM\Software\OfferBox]
O43 - CFD: 03/02/2011 - 03:19:14 - [383216] ----D- E:\Program Files\cacaoweb
O43 - CFD: 15/08/2010 - 21:48:08 - [96600] ----D- E:\Program Files\OfferBox
O43 - CFD: 03/02/2011 - 05:34:50 - [65] ----D- E:\Documents and Settings\acrid\Application Data\cacaoweb
O43 - CFD: 11/08/2010 - 19:14:40 - [5490] ----D- E:\Documents and Settings\acrid\Application Data\CrazyLoader
O43 - CFD: 15/08/2010 - 21:48:08 - [121] ----D- E:\Documents and Settings\acrid\Application Data\OfferBox
O43 - CFD: 28/06/2011 - 18:02:26 - [8301] ----D- E:\Documents and Settings\acrid\Application Data\Toolbar4
O43 - CFD: 15/08/2010 - 16:09:12 - [150933890] ----D- E:\Documents and Settings\acrid\Application Data\vghd
O43 - CFD: 13/08/2010 - 01:52:44 - [131929] ----D- E:\Documents and Settings\acrid\Local Settings\Application Data\crazyloader Air
O47 - AAKE:Key Export SP - "e:\program files\relevantknowledge\rlvknlg.exe" [Enabled] .(...) -- e:\program files\relevantknowledge\rlvknlg.exe (.not file.)
O47 - AAKE:Key Export SP - "E:\Program Files\cacaoweb\cacaoweb.exe" [Disabled] .(...) -- E:\Program Files\cacaoweb\cacaoweb.exe
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom]
[HKCU\Software\Microsoft\Internet Explorer\extensions\cmdmapping]:{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:HKCU
E:\Program Files\cacaoweb
E:\Program Files\OfferBox
E:\Documents and Settings\acrid\Application Data\cacaoweb
E:\Documents and Settings\acrid\Application Data\Crazyloader
E:\Documents and Settings\acrid\Application Data\OfferBox
E:\Documents and Settings\acrid\Application Data\Toolbar4
E:\Documents and Settings\acrid\Application Data\vghd
E:\Documents and Settings\acrid\Local Settings\Application Data\Crazyloader Air
Proxyfix
Emptytemp


Disconnect from the Internet and close all open applications.

For XP: double-click the ZHPFix.exe icon on your Desktop.

For Vista and W7: right-click the ZHPFix.exe icon on your Desktop, then select 'Run as administrator'.

Click in turn on the H icon (to clear the report that was displayed), then on the icon of the briefcase hidden by the sheet of paper.

Check that all the lines I asked you to copy (and only those) are in the window.

Click OK, which makes a box appear to the left of each line.

Click "Tous" (All), then "Nettoyer" (Clean).

Let the tool work.

If it asks you to restart the computer to finish the cleanup, do so immediately.

The execution report will appear in the window.

Copy it into your reply.
0
akme23 Posts 4 Status Member
 
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
M2 - MFEP: prefs.js [acrid - au391cvb.default\[email protected]] [] cacaoweb v1.0.15 (.http://www.cacaoweb.org/
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:61495
O2 - BHO: TBSB07458 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} . (.Unknown owner - IE Toolbar Engine.) -- E:\Program Files\Hotspot Shield 1.10\mybarnsj20.tmp\tbcore3.dll
O4 - HKLM\..\Run: [HKLM] . (...) -- E:\WINDOWS\msn\msn.exe
O4 - HKCU\..\Run: [HKCU] . (...) -- E:\WINDOWS\msn\msn.exe
O4 - HKUS\S-1-5-21-1343024091-1303643608-1801674531-1004\..\Run: [HKCU] . (...) -- E:\WINDOWS\msn\msn.exe
[HKCU\Software\Grand Virtual]
[HKCU\Software\Spointer]
[HKCU\Software\cacaoweb]
[HKLM\Software\CrazyLoader]
[HKLM\Software\OfferBox]
O43 - CFD: 03/02/2011 - 03:19:14 - [383216] ----D- E:\Program Files\cacaoweb
O43 - CFD: 15/08/2010 - 21:48:08 - [96600] ----D- E:\Program Files\OfferBox
O43 - CFD: 03/02/2011 - 05:34:50 - [65] ----D- E:\Documents and Settings\acrid\Application Data\cacaoweb
O43 - CFD: 11/08/2010 - 19:14:40 - [5490] ----D- E:\Documents and Settings\acrid\Application Data\CrazyLoader
O43 - CFD: 15/08/2010 - 21:48:08 - [121] ----D- E:\Documents and Settings\acrid\Application Data\OfferBox
O43 - CFD: 28/06/2011 - 18:02:26 - [8301] ----D- E:\Documents and Settings\acrid\Application Data\Toolbar4
O43 - CFD: 15/08/2010 - 16:09:12 - [150933890] ----D- E:\Documents and Settings\acrid\Application Data\vghd
O43 - CFD: 13/08/2010 - 01:52:44 - [131929] ----D- E:\Documents and Settings\acrid\Local Settings\Application Data\crazyloader Air
O47 - AAKE:Key Export SP - "e:\program files\relevantknowledge\rlvknlg.exe" [Enabled] .(...) -- e:\program files\relevantknowledge\rlvknlg.exe (.not file.)
O47 - AAKE:Key Export SP - "E:\Program Files\cacaoweb\cacaoweb.exe" [Disabled] .(...) -- E:\Program Files\cacaoweb\cacaoweb.exe
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKLM\Software\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
[HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom]
[HKCU\Software\Microsoft\Internet Explorer\extensions\cmdmapping]:{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE}
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:HKCU
E:\Program Files\cacaoweb
E:\Program Files\OfferBox
E:\Documents and Settings\acrid\Application Data\cacaoweb
E:\Documents and Settings\acrid\Application Data\Crazyloader
E:\Documents and Settings\acrid\Application Data\OfferBox
E:\Documents and Settings\acrid\Application Data\Toolbar4
E:\Documents and Settings\acrid\Application Data\vghd
E:\Documents and Settings\acrid\Local Settings\Application Data\Crazyloader Air
Proxyfix
Emptytemp
0
jfkpresident Posts 13877 Status Security contributor 1 175
 
That's not the right report ...
0
jfkpresident Posts 13877 Status Security contributor 1 175
 
I need the ZhpFix report, not the ZhpDiag one.
0