Spyware Guard 2009

Closed
frenchbei - 14 Jan. 2009 at 18:23
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 - 15 Jan. 2009 at 16:24
Hello,

my computer is infected by Spyware Guard 2009 and also, it seems, by Trojan/Win32>TDss.AW.

Unfortunately, my Kaspersky antivirus has not been active for a week.

Thanks in advance for your help!

Christiophe

12 replies

baptiste05 Posts 327 Registration date Friday 18 April 2008 Status Member Last activity 5 July 2011 44
14 Jan. 2009 at 18:25
hi
download malware's bytes anti malware, a name like that; you'll find it by searching on google.
run a full scan and disconnect your internet connection, and that should normally do it
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
14 Jan. 2009 at 18:25
Hi,

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs), taking care to rename it to KillTibs before saving it to your Desktop.
--> Double-click KillTibs.exe (the .exe is not necessarily visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: A guide and a tutorial on using ComboFix
0
unfortunately, I can't manage to download it. I always land on an error page... no doubt this damned virus is blocking the download

Chris
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
14 Jan. 2009 at 18:40
http://sd-1.archive-host.com/membres/up/3288717712384394/KillTibs.exe
0
Here is the log. Thanks!

ComboFix 09-01-13.04 - ct 2009-01-15 2:05:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.711 [GMT 8:00]
Running from: c:\documents and settings\ct\Desktop\KillTibs.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\svhost.exe
c:\documents and settings\All Users\Application Data\svhost.exe
c:\program files\pcast
c:\program files\pcast\PodcastbarMini\download.ini
c:\program files\StormII
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\drivers\TDSSmhxt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\winscenter.exe
c:\windows\vmreg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Legacy_SAFEBOXKRNL
-------\Service_SafeBoxKrnl


((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-13 23:19 . 2009-01-13 23:19 90 --ah----- C:\aaw7boot.cmd
2009-01-13 22:31 . 2009-01-14 00:02 <DIR> d-------- c:\program files\Spyware Guard 2009
2009-01-04 23:58 . 2009-01-04 23:58 <DIR> d-------- c:\windows\Sun
2009-01-04 23:57 . 2009-01-04 23:57 <DIR> d-------- c:\program files\Java
2009-01-04 23:57 . 2009-01-04 23:57 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-04 23:57 . 2009-01-04 23:57 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-04 18:23 . 2009-01-04 20:08 69 --a------ c:\windows\NeroDigital.ini
2008-12-21 00:34 . 2008-12-24 18:44 <DIR> d-------- c:\program files\eMule
2008-12-16 23:22 . 2009-01-04 23:50 <DIR> d-------- c:\program files\Bonjour
2008-12-16 23:20 . 2008-12-16 23:20 <DIR> d-------- c:\program files\iTunes
2008-12-16 23:20 . 2008-12-16 23:20 <DIR> d-------- c:\program files\iPod
2008-12-16 23:20 . 2008-12-16 23:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 18:09 93,216 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-14 18:09 6,901,024 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-14 18:09 --------- d-----w c:\program files\360safe
2009-01-14 18:08 95,492 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-14 18:08 11,804 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-14 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-13 16:37 --------- d-----w c:\program files\Google
2009-01-13 15:09 --------- d-----w c:\documents and settings\ct\Application Data\360Safe
2009-01-13 15:09 --------- d-----w c:\documents and settings\All Users\Application Data\360safe
2009-01-13 15:02 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-11 11:27 --------- d-----w c:\documents and settings\ct\Application Data\Skype
2008-12-29 12:10 --------- d-----w c:\documents and settings\ct\Application Data\SogouPY
2008-12-20 16:43 --------- d-----w c:\program files\360Safebox
2008-12-16 15:17 --------- d-----w c:\program files\Common Files\Apple
2008-12-12 03:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 03:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-01 13:06 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-01 13:05 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-01 13:05 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-01 12:26 --------- d-----w c:\program files\Kaspersky Lab
2008-12-01 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-07-17 17:34 19,153,264 ----a-w c:\program files\aaw2008.exe
2003-01-07 04:45 211 ----a-w c:\program files\Common Files\boob.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 97357]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"360Safebox"="c:\program files\360Safebox\safeboxTray.exe" [2008-09-25 632320]
"360Safetray"="c:\program files\360safe\safemon\360tray.exe" [2008-08-25 271872]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"spywareguard"="c:\program files\Spyware Guard 2009\spywareguard.exe" [2009-01-13 1025536]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-08 c:\windows\RTHDCPL.EXE]

c:\documents and settings\ct\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-24 25214]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kingsoft\\PowerWord 2005\\XDICT.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://VeryCD.265.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ??????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ?????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ?????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
.
.
------- File Associations -------
.
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 02:09:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(924)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-15 2:11:25 - machine was rebooted [ct]
ComboFix-quarantined-files.txt 2009-01-14 18:11:21

Pre-Run: 6,941,364,224 bytes free
Post-Run: 7,062,519,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

c:\grldr="Ò»¼ü»¹Ô­¾«Áé¸öÈË°æ"

220 --- E O F --- 2009-01-14 16:43:31
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
14 Jan. 2009 at 19:26
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
---> Once the update is complete, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.

At the end of the scan, a message is displayed:

The scan completed successfully. Click 'Show Results' to display all objects found.

---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report in your next reply.
0
here is the report

Malwarebytes' Anti-Malware 1.32
Database version: 1653
Windows 5.1.2600 Service Pack 2

1/15/2009 2:34:10 AM
mbam-log-2009-01-15 (02-34-10).txt

Scan type: Quick Scan
Objects scanned: 49785
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 10

Memory Processes Infected:
C:\Program Files\Spyware Guard 2009\spywareguard.exe (Rogue.SpywareGuard) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2009 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{85da92df-239b-46e9-975c-21f1c16cbac0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spywareguard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Spyware Guard 2009 (Rogue.SpywareGuard) -> Delete on reboot.
C:\Program Files\Spyware Guard 2009\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\ct\Start Menu\Programs\Spyware Guard 2009 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Spyware Guard 2009\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2009\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2009\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2009\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2009\spywareguard.exe (Rogue.SpywareGuard) -> Delete on reboot.
C:\Program Files\Spyware Guard 2009\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2009\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\ct\Start Menu\Programs\Spyware Guard 2009\Spyware Guard 2009.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\whnnltmxhm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
14 Jan. 2009 at 19:40
---> Restart MBAM, go to Quarantine and delete everything.

---> Then do this:

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will need to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
0
Logfile of random's system information tool 1.05 (written by random/random)
Run by ct at 2009-01-15 02:42:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (41%) free of 16 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:42 AM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\360Safebox\safeboxTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ct\Local Settings\Temporary Internet Files\Content.IE5\UL5GA7MP\RSIT[1].exe
C:\Program Files\trend micro\ct.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.265.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ????? Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: ????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ??????? Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: ??????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ????????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ?????????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231084573_ec0ec467e31d8b3efbd6454bc898035d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
I'm sending them to you again in case it isn't clear enough. First the notepad

info.txt logfile of random's system information tool 1.05 2009-01-15 02:42:46

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
360±£ÏÕÏä-->C:\Program Files\360Safebox\uninst.exe
360°²È«ÎÀÊ¿-->C:\Program Files\360safe\uninst.exe
ACDSee 6.0 Standard-->MsiExec.exe /I{FD88D501-1F0A-4DA4-A13A-6437411EE0C3}
Adobe Acrobat 7.0 Professional - ChineseS-->msiexec /I {AC76BA86-2052-0000-7760-100000000002}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB931678-v2)-->"C:\WINDOWS\$NtUninstallKB931678-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB934428-v3)-->"C:\WINDOWS\$NtUninstallKB934428-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935843)-->"C:\WINDOWS\$NtUninstallKB935843$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB940275-v3)-->"C:\WINDOWS\$NtUninstallKB940275-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB944043-v3)-->"C:\WINDOWS\$NtUninstallKB944043-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB951830)-->"C:\WINDOWS\$NtUninstallKB951830$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0-->MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerDVD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"
Powerword 2005-->MsiExec.exe /I{5071F84A-FF33-4D2D-BD96-FCF45A201FF4}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950582)-->"C:\WINDOWS\$NtUninstallKB950582$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sogou Chinese Input 3.0 Final (3.0.3.0167)-->"C:\Program Files\SogouInput\Uninstall.exe"
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.02.01.exe
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB958752)-->"C:\WINDOWS\$NtUninstallKB958752$\spuninst\spuninst.exe"
USB PC Camera (SN9C102)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB886677-->C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Kaspersky Anti-Virus (disabled) (outdated)

System event log

Computer Name: CT-0089F8008462
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 4852
Source Name: Service Control Manager
Time Written: 20081207173805.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 4851
Source Name: Service Control Manager
Time Written: 20081207173801.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 4850
Source Name: Service Control Manager
Time Written: 20081207173801.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: CT-0089F8008462
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 4849
Source Name: Service Control Manager
Time Written: 20081207173800.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 4848
Source Name: Service Control Manager
Time Written: 20081207173800.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: CT-0089F8008462
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20030107124722.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20030107124720.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20030107124553.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20030107124531.000000+480
Event Type: information
User:

Computer Name: CT-0089F8008462
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20030107124530.000000+480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Ringz Studio\Storm Codec\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTJava.zip

-----------------EOF-----------------
0
and the second one:
Logfile of random's system information tool 1.05 (written by random/random)
Run by ct at 2009-01-15 02:42:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 7 GB (41%) free of 16 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:42:42 AM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\360Safebox\safeboxTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ct\Local Settings\Temporary Internet Files\Content.IE5\UL5GA7MP\RSIT[1].exe
C:\Program Files\trend micro\ct.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.265.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - HKLM\..\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ????? Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: ????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ??????? Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: ??????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ????????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ?????????? PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231084573_ec0ec467e31d8b3efbd6454bc898035d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
14 Jan 2009 at 20:00
/!\ Only frenchbei may follow this procedure /!\


1/

---> Open Notepad.

---> Copy the text below by selecting it and pressing Ctrl+C:






KillAll::

Driver::
SafeBoxKrnl

Folder::
C:\Program Files\360safe
C:\Program Files\360Safebox
C:\Documents and Settings\ct\Application Data\360Safe
C:\Documents and Settings\All Users\Application Data\360safe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"360Safebox"=-
"360Safetray"=-

DirLook::
C:\Documents and Settings\ct\Application Data\SogouPY





---> Paste the selection into Notepad

---> Save this file to the Desktop (mandatory)

---> File name: CFScript
---> File type: All files
---> Click Save
---> Close Notepad


2/

---> Drag and drop this CFScript file onto the KillTibs.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] A blue window will appear: accept the message that is displayed.

[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.

[*] Once the scan is complete, a report will be displayed: post it.

[*] If the file does not open, it can be found here: C:\Combofix.txt
0
ComboFix 09-01-13.04 - ct 2009-01-15 3:07:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.618 [GMT 8:00]
Running from: c:\documents and settings\ct\Desktop\KillTibs.exe
Command switches used :: c:\documents and settings\ct\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\360safe
c:\documents and settings\ct\Application Data\360Safe
c:\documents and settings\ct\Application Data\360Safe\rssinfo2.dat
c:\program files\360safe
c:\program files\360safe\ÐÞ¸´¹¤¾ß.exe
c:\program files\360safe\360.log
c:\program files\360safe\360hotfix.exe
c:\program files\360safe\360net.dll
c:\program files\360safe\360rpt.exe
c:\program files\360safe\360Safe.exe
c:\program files\360safe\360safeup.exe
c:\program files\360safe\360ss.dat
c:\program files\360safe\360verify.dll
c:\program files\360safe\AntiActi.dll
c:\program files\360safe\AntiAdwa.dll
c:\program files\360safe\AntiArp\AntiArp.exe
c:\program files\360safe\AntiArp\dpath.ini
c:\program files\360safe\AntiArp\fixedwl.dat
c:\program files\360safe\AntiArp\packet.inf
c:\program files\360safe\AntiArp\ProtoDrv.sys
c:\program files\360safe\AntiArp\snetcfg.exe
c:\program files\360safe\AntiEng.dll
c:\program files\360safe\antiRK.dll
c:\program files\360safe\antispy.dll
c:\program files\360safe\boxmod.exe
c:\program files\360safe\CleanHis.dll
c:\program files\360safe\extdb\extdbup.ini
c:\program files\360safe\file.zip
c:\program files\360safe\hotfix\office2003-KB950380-FullFile-ENU.exe
c:\program files\360safe\hotfix\soft\AdbeRdr90_zh_CN.exe
c:\program files\360safe\hotfix\WindowsXP-KB934428-v3-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB937894-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB940275-v3-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB941569-x86-ENU.EXE
c:\program files\360safe\hotfix\WindowsXP-KB943055-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB943485-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB944043-v3-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB944653-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB946026-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB948590-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB950582-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB951830-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB953155-x86-ENU.exe
c:\program files\360safe\hotfix\WindowsXP-KB958752-x86-ENU.exe
c:\program files\360safe\hotsoft.dat
c:\program files\360safe\LeakCheck.dll
c:\program files\360safe\LeakFilelog.ini
c:\program files\360safe\LibActi.dat
c:\program files\360safe\Libclsid.dat
c:\program files\360safe\LibDefa.dat
c:\program files\360safe\libdll.dat
c:\program files\360safe\libdrv.dat
c:\program files\360safe\libleak.dat
c:\program files\360safe\libleak2.dat
c:\program files\360safe\LibRun.dat
c:\program files\360safe\libspyer.dat
c:\program files\360safe\libspyerp.dat
c:\program files\360safe\libspywa.dat
c:\program files\360safe\LibSpywa1.dat
c:\program files\360safe\LibSrv.dat
c:\program files\360safe\LibTask.dat
c:\program files\360safe\libup.ini
c:\program files\360safe\libwhite.dat
c:\program files\360safe\links.ini
c:\program files\360safe\links\links.dll
c:\program files\360safe\links\scconfig.ini
c:\program files\360safe\live.dll
c:\program files\360safe\makereport.exe
c:\program files\360safe\modules\360cav.dll
c:\program files\360safe\modules\infocust.dll
c:\program files\360safe\mphreport.dll
c:\program files\360safe\rptup.dll
c:\program files\360safe\safeext.dll
c:\program files\360safe\safemon\360krnl.dat
c:\program files\360safe\safemon\360mon.dat
c:\program files\360safe\safemon\360tray.exe
c:\program files\360safe\safemon\config.ini
c:\program files\360safe\safemon\execrule.dat
c:\program files\360safe\safemon\leakinfo.dat
c:\program files\360safe\safemon\leakinfo2.dat
c:\program files\360safe\safemon\safekrnl.dat
c:\program files\360safe\safemon\safekrnl.dll
c:\program files\360safe\safemon\safemon.dll
c:\program files\360safe\safemon\siterule.dat
c:\program files\360safe\safemon\whitelist.dat
c:\program files\360safe\softleak.dat
c:\program files\360safe\SoftMgr\360sfchk.dll
c:\program files\360safe\SoftMgr\cataloglib.dat
c:\program files\360safe\SoftMgr\essgame.dat
c:\program files\360safe\SoftMgr\esslib.dat
c:\program files\360safe\SoftMgr\esslibupdate.exe
c:\program files\360safe\SoftMgr\libgame.dat
c:\program files\360safe\SoftMgr\poplib.dat
c:\program files\360safe\SoftMgr\softimage\softimage12.jpg
c:\program files\360safe\SoftMgr\softimage\softimage15.jpg
c:\program files\360safe\SoftMgr\softimage\softimage18.jpg
c:\program files\360safe\SoftMgr\softimage\softimage21.jpg
c:\program files\360safe\SoftMgr\softimage\softimage22.jpg
c:\program files\360safe\SoftMgr\softimage\softimage23.jpg
c:\program files\360safe\SoftMgr\softimage\softimage24.jpg
c:\program files\360safe\SoftMgr\softimage\softimage25.JPG
c:\program files\360safe\SoftMgr\SoftManager.exe
c:\program files\360safe\SoftMgr\softorder.dat
c:\program files\360safe\SoftMgr\softup.dat
c:\program files\360safe\SoftMgr\SoftWareMgr.dll
c:\program files\360safe\SoftMgr\TopSoft.dat
c:\program files\360safe\spylog.log
c:\program files\360safe\uninst.exe
c:\program files\360safe\WinSockLSP.reg
c:\program files\360safe\WinSockLSPIFSL.reg
c:\program files\360Safebox
c:\program files\360Safebox\360.dat
c:\program files\360Safebox\360safebox.exe
c:\program files\360Safebox\360U.dat
c:\program files\360Safebox\AntiAdwa.dll
c:\program files\360Safebox\antispy.dll
c:\program files\360Safebox\box.dat
c:\program files\360Safebox\boxU.dat
c:\program files\360Safebox\dpath.ini
c:\program files\360Safebox\GFCfg.ini
c:\program files\360Safebox\GuardField.exe
c:\program files\360Safebox\Inject_log.dat
c:\program files\360Safebox\LeakCheck.dll
c:\program files\360Safebox\libleak.dat
c:\program files\360Safebox\libleak2.dat
c:\program files\360Safebox\libspyerp.dat
c:\program files\360Safebox\libspywa.dat
c:\program files\360Safebox\ListBlack.dat
c:\program files\360Safebox\ListBlackO.dat
c:\program files\360Safebox\ListBlackUser.dat
c:\program files\360Safebox\ListPreDef.dat
c:\program files\360Safebox\ListPreDefEx.dat
c:\program files\360Safebox\ListUserDef.dat
c:\program files\360Safebox\liveupdate.dll
c:\program files\360Safebox\liveupdate.ini
c:\program files\360Safebox\rptup.dll
c:\program files\360Safebox\safebank.exe
c:\program files\360Safebox\SafeboxApi.dll
c:\program files\360Safebox\SafeboxKrnl.sys
c:\program files\360Safebox\safeboxTray.exe
c:\program files\360Safebox\safeext.dll
c:\program files\360Safebox\Scan_log.dat
c:\program files\360Safebox\sprotect.ini
c:\program files\360Safebox\uninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SAFEBOXKRNL
-------\Service_SafeBoxKrnl


((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-15 02:42 . 2009-01-15 02:42 <DIR> d-------- C:\rsit
2009-01-15 02:42 . 2009-01-15 02:42 <DIR> d-------- c:\program files\trend micro
2009-01-15 02:30 . 2009-01-15 02:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 02:30 . 2009-01-15 02:30 <DIR> d-------- c:\documents and settings\ct\Application Data\Malwarebytes
2009-01-15 02:30 . 2009-01-15 02:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 02:30 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 02:30 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-13 23:19 . 2009-01-13 23:19 90 --ah----- C:\aaw7boot.cmd
2009-01-04 23:58 . 2009-01-04 23:58 <DIR> d-------- c:\windows\Sun
2009-01-04 23:57 . 2009-01-04 23:57 <DIR> d-------- c:\program files\Java
2009-01-04 23:57 . 2009-01-04 23:57 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-04 23:57 . 2009-01-04 23:57 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-04 18:23 . 2009-01-04 20:08 69 --a------ c:\windows\NeroDigital.ini
2008-12-21 00:34 . 2008-12-24 18:44 <DIR> d-------- c:\program files\eMule
2008-12-16 23:22 . 2009-01-04 23:50 <DIR> d-------- c:\program files\Bonjour
2008-12-16 23:20 . 2008-12-16 23:20 <DIR> d-------- c:\program files\iTunes
2008-12-16 23:20 . 2008-12-16 23:20 <DIR> d-------- c:\program files\iPod
2008-12-16 23:20 . 2008-12-16 23:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 19:13 7,062,304 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-14 19:12 97,700 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-14 19:12 12,692 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-01-14 19:12 102,432 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-01-14 16:41 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-13 16:37 --------- d-----w c:\program files\Google
2009-01-13 15:02 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-11 11:27 --------- d-----w c:\documents and settings\ct\Application Data\Skype
2008-12-29 12:10 --------- d-----w c:\documents and settings\ct\Application Data\SogouPY
2008-12-16 15:17 --------- d-----w c:\program files\Common Files\Apple
2008-12-12 03:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 03:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-01 13:06 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-12-01 13:05 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-12-01 13:05 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-12-01 12:26 --------- d-----w c:\program files\Kaspersky Lab
2008-12-01 12:25 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 06:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 06:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 06:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 06:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 06:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 06:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 06:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 06:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-07-17 17:34 19,153,264 ----a-w c:\program files\aaw2008.exe
2003-01-07 04:45 211 ----a-w c:\program files\Common Files\boob.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\ct\Application Data\SogouPY ----

2008-12-29 20:10 9434 --a------ c:\documents and settings\ct\Application Data\SogouPY\sgim_usr.bin
2008-12-29 20:10 3498 --a------ c:\documents and settings\ct\Application Data\SogouPY\env.ini
2008-12-29 18:08 810 --a------ c:\documents and settings\ct\Application Data\SogouPY\scdlist.ini
2008-12-29 18:08 1683860 --a------ c:\documents and settings\ct\Application Data\SogouPY\sgim_ext.bin
2008-07-17 21:46 157746 --a------ c:\documents and settings\ct\Application Data\SogouPY\scd\??300?.scel
2008-07-17 21:46 15290 --a------ c:\documents and settings\ct\Application Data\SogouPY\scd\????top180.scel
2008-07-17 21:46 149206 --a------ c:\documents and settings\ct\Application Data\SogouPY\scd\??????.scel
2008-07-17 21:46 149206 --a------ c:\documents and settings\ct\Application Data\SogouPY\scd\??????.scel
2008-07-17 21:46 149206 --a------ c:\documents and settings\ct\Application Data\SogouPY\scd\?????.scel
2007-06-25 17:45 205730 --a------ c:\documents and settings\ct\Application Data\SogouPY\scd\????.scel


((((((((((((((((((((((((((((( snapshot@2009-01-15_ 2.10.23.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2007-07-27 01:41:40 16,760 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-01-14 19:13:11 16,384 ----atw c:\windows\temp\Perflib_Perfdata_144.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-23 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 97357]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 227856]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-08 c:\windows\RTHDCPL.EXE]

c:\documents and settings\ct\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-24 25214]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kingsoft\\PowerWord 2005\\XDICT.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://VeryCD.265.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ??????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ?????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ?????? PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????? Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 03:13:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(928)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2009-01-15 3:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 19:15:02
ComboFix2.txt 2009-01-14 18:11:26

Pre-Run: 6,991,077,376 bytes free
Post-Run: 6,910,001,152 bytes free

612 --- E O F --- 2009-01-14 19:01:42
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
14 Jan 2009 at 20:19
I'm stepping away.

Run a full scan with Kaspersky.
0
I'm going to install Avast because my Kaspersky is no longer valid. As I'm writing to you from China, where it is 3:20 in the morning, I'm going to bed. Do you think the problem has been fixed? In any case I'll send you a message tomorrow, and I sincerely thank you for your help. A big thank-you in any case.

See you,
Christophe
0
Hello,

I'm back (sorry, because of the time difference). The problem seems to be solved.
I just have 2 questions:

1- Should I delete the "Killtibs" file as well as Malwarebytes?

2- I'm going to install a new antivirus. Would you rather recommend Avast, Antivir or AVG 8? Please send me, if you know one, a link where I can download them.

Thanks a million!

See you,
Christophe
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
15 Jan 2009 at 16:24
---> Start menu > Run > Type combofix /u and confirm.

---> Install Antivir and update it:
http://www.commentcamarche.net/telecharger/telecharger 55 antivir

---> Double-click the Antivir icon (umbrella) in the taskbar.

---> In Antivir, choose Outils (Tools), then Configuration.

---> Tick Mode Expert (Expert mode) and tick "Rech. Rootkit au dém. de la recherche" (rootkit search at the start of the scan) on the right, under Autres réglages (Other settings).

---> Run a full scan and post the report.
0