
trojan.bho.agz and search assistant [RESOLVED]


  • This topic is locked

#1
2Late4U2Run (New Member, 9 posts)
(English isn't my language, so sorry for mistakes)

OK, basically I can't get rid of c:\windows\system32\bthser.dll

I also get redirected to Search Assistant (I think it's still because of bthser.dll).

I used AVG, OTMoveIt 2, SUPERAntiSpyware, ComboFix, ATF Cleaner, Spybot S&D, and ran them in Safe Mode and Normal Mode... Tried everything I could... desperate... Help would be VERY appreciated.

Thanks
Here is the HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04, on 2008-02-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7195 bytes


Uninstall list:

3dsmax ancillary install
Acoustica Effects Pack
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
AGEIA PhysX v7.05.17
ArcSoft Multimedia Email
ArcSoft PhotoImpression 5
Autodesk DWF Viewer 7
Avanquest update
AVG Anti-Spyware 7.5
Backburner
Creative Audio Console
Creative MediaSource
Creative System Information
Creative WebCam Center
Creative WebCam Instant Driver (1.01.02.0729)
Crysis®
CureROM Pro 2.0.3.3
Dream Girls Tetris
FBX Plugin 2006.08 for Max 9.0
FotoSketcher 1.3
Fraps (remove only)
FUJIFILM FinePixViewer S Ver.2.1
Guitar Pro 5.0
HijackThis 2.0.2
Hotfix pour Microsoft .NET Framework 2.0 (KB918842)
HyperSnap-DX 5
Icons
IndustryPlayer 5
Installer Yahoo! Messenger
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.1_07
Java 2 SDK, SE v1.4.1_07
Java DB 10.3.1.4
Java Web Start
Java™ 6 Update 4
Java™ SE Development Kit 6 Update 4
Kaput Version 4
K-Lite Codec Pack 2.73 Full
K-Lite v2.7.2
Lecteur Windows Media 10
LimeWire PRO 4.13.6
Macromedia Contribute 3
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Manuel d'utilisation de Creative WebCam Instant (Français)
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Xbox 360 Accessories 1.1
mIRC
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Monopoly
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.3)
Nero 7 Ultra Edition
NVIDIA Drivers
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
PC Probe II
PokerStars
Poser 7
PunkBuster Services
QuickTime
Sonic Foundry Sound Forge 6.0e
Sonic Foundry Vegas 4.0
SonicStage 3.0
Sony USB Driver
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
System Requirements Lab
TeamSpeak 2 RC2
TorrenTopia Client
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
WinRAR archiver
WordBiz version 1.8
Xbox 360 Controller for Windows
Xfire (remove only)
xp-AntiSpy 3.96-2
Zuma Deluxe 1.0
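Added example, not code from this thread or from HijackThis or DSS: a small Python review helper that parses the O2 (BHO) and O4 (autorun) lines of a HijackThis log like the one posted above and lists the entries a helper would look at first. On the sample lines it picks out the unnamed BHO loaded from System32 (bthser.dll), the GUID-named entry under Policies\Explorer\Run, and the RunOnce entry that runs cmd.exe, while leaving the named Java BHO, Spybot's unnamed SDHelper.dll and the QuickTime autorun alone. The flagging rules are my own assumptions (review heuristics to prioritise reading, not a verdict that an entry is malicious); the sample lines are copied from the log in this post.

```python
"""Flag HijackThis O2/O4 entries that deserve a closer look.

Added example, not code from the thread or from HijackThis/DSS. The sample
lines are copied from the HijackThis log posted above; the flagging rules are
the author's assumptions (review heuristics, not verdicts of maliciousness).
"""
import re
from dataclasses import dataclass

# Constructed sample: six lines lifted from the posted HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<command>.+?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
SYSTEM32_RE = re.compile(r"(?i)[\\/](?:windows|winnt)[\\/]system32[\\/]")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    line: str
    reasons: list


def reasons_for(line: str) -> list:
    """Return the heuristic reasons a single log line is worth reviewing."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        # A BHO that registers no display name and lives in System32 is the
        # pattern of the bthser.dll entry in the thread; named, vendor-pathed
        # BHOs (Java's ssv.dll) and unnamed ones outside System32 (Spybot's
        # SDHelper.dll) are left alone.
        if m.group("name") == "(no name)" and SYSTEM32_RE.search(m.group("path")):
            reasons.append("unnamed BHO loaded from System32")
        return reasons
    m = O4_RE.match(line)
    if m:
        key, name, command = m.group("key"), m.group("name"), m.group("command")
        # Policies\Explorer\Run is a rarely used autostart location.
        if "Policies\\Explorer\\Run" in key:
            reasons.append("autorun via Policies\\Explorer\\Run")
        # Autorun entries named by a bare GUID carry no vendor identity.
        if GUID_RE.fullmatch(name):
            reasons.append("autorun entry named by GUID only")
        # An autorun that runs a shell command (here: renaming a DLL in System32).
        if re.search(r"(?i)\bcmd\.exe\b", command):
            reasons.append("autorun runs cmd.exe")
    return reasons


def analyze_log(text: str) -> list:
    """Scan a HijackThis log and return one Finding per flagged line, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = reasons_for(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

The rules deliberately key on structure (missing display name plus load path, unusual registry location, a shell interpreter in the command) rather than on the file name, so the same script still surfaces a renamed copy of the BHO; anything it flags still has to be checked by hand against the rest of the log before being fixed.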


#2
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
2Late4U2Run (Topic Starter, New Member, 9 posts)
Glad you came to help... here are the 2 Deckard's logs:

Deckard's System Scanner v20071014.68
Run by 2Late on 2008-02-04 12:14:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-02-04 17:14:39 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-01-31 18:49:01 UTC - RP2 - ComboFix created restore point
1: 2008-01-31 18:48:52 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as 2Late.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\2Late\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\2Late.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7109 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080118-164341-692 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-164749-277 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-165236-804 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-165307-958 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-165359-331 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-165725-261 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-172311-473 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-172405-735 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-172749-308 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-173131-935 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-173141-898 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-174755-582 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080118-180143-836 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080122-222547-535 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080122-224331-677 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080201-135513-299 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
backup-20080201-140044-397 O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 xkvnmylz - c:\windows\system32\drivers\eebxcyus.dat
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 L6DP - c:\windows\system32\drivers\l6dp.sys (file missing)
S3 L6PODLV (PODxt Live Service) - c:\windows\system32\drivers\l6podlv.sys (file missing)
S3 NVR0Dev - c:\windows\nvoclock.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Contrôleur de bus SM
Device ID: PCI\VEN_10DE&DEV_0034&SUBSYS_818A1043&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: Contrôleur de bus SM
PNP Device ID: PCI\VEN_10DE&DEV_0034&SUBSYS_818A1043&REV_A2\3&2411E6FE&0&51
Service:


-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-01-29 10:41:47 692224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll <Not Verified; CIA, The Company; ciaResSvr20>
2008-01-29 10:41:46 53248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll <Not Verified; CIA, The Company; ciaXPRegSvr20>
2008-01-29 10:41:46 40960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.dll <Not Verified; CIA, The Company; ciaSubClsSvr>
2008-01-29 10:41:41 0 d-------- C:\Program Files\industryplayer
2008-01-27 19:47:52 0 d-------- C:\Program Files\Dream Girls Tetris
2008-01-27 19:29:49 0 d-------- C:\Documents and Settings\2Late\Application Data\Thinstall
2008-01-25 18:43:02 0 d-------- C:\Program Files\The Witcher
2008-01-25 18:32:58 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-25 18:32:33 0 d-------- C:\Documents and Settings\2Late\Application Data\DAEMON Tools Pro
2008-01-25 18:30:14 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-01-22 19:01:59 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 19:01:52 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-22 19:01:52 0 d-------- C:\Documents and Settings\2Late\Application Data\SUPERAntiSpyware.com
2008-01-22 13:28:26 0 d-------- C:\Documents and Settings\2Late\Application Data\Grisoft
2008-01-22 13:28:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 13:23:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-18 17:25:16 0 d-------- C:\WINDOWS\system32\xircom
2008-01-18 17:25:15 0 d-------- C:\Program Files\microsoft frontpage
2008-01-18 16:40:44 0 d-------- C:\Program Files\Trend Micro
2008-01-18 14:28:15 0 d--hs---- C:\WINDOWS\CSC
2008-01-18 13:20:11 0 d-------- C:\Program Files\Sun
2008-01-18 11:37:21 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-01-18 11:37:21 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-01-17 23:56:39 0 dr-h----- C:\$VAULT$.AVG
2008-01-17 21:59:10 19584 --a------ C:\WINDOWS\system32\drivers\eebxcyus.dat
2008-01-17 21:58:40 84992 --a------ C:\WINDOWS\system32\bthser.dll


-- Find3M Report ---------------------------------------------------------------

2008-02-04 11:23:39 0 d-------- C:\Program Files\PokerStars
2008-02-03 17:43:45 60 --a------ C:\WINDOWS\popcinfo.dat
2008-02-03 13:15:50 0 d-------- C:\Documents and Settings\2Late\Application Data\uTorrent
2008-02-01 13:58:08 825 --ahs---- C:\WINDOWS\system32\mmf.sys
2008-01-27 01:40:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 00:21:40 0 d-------- C:\Documents and Settings\2Late\Application Data\LimeWire
2008-01-22 19:00:53 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 17:05:23 0 d-------- C:\Program Files\TClock
2008-01-18 17:05:23 0 d-------- C:\Program Files\Fichiers communs
2008-01-18 13:20:05 0 d-------- C:\Program Files\Java
2008-01-18 11:23:50 0 d-------- C:\Program Files\Creative
2008-01-17 21:55:16 0 d-------- C:\Program Files\Fichiers communs\Autodesk Shared
2008-01-03 10:49:57 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-01-03 10:49:57 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-01-02 22:43:03 0 d-------- C:\Program Files\FotoSketcher
2007-12-31 09:53:58 0 d---s---- C:\Program Files\Xfire
2007-12-30 21:41:32 0 d-------- C:\Documents and Settings\2Late\Application Data\Xfire
2007-12-05 01:41:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-11-18 08:39:25 669184 --a------ C:\WINDOWS\system32\pbsvc.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861D2EB-E147-4F53-AEB9-ADCDD796DC7D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" []
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 17:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-26 17:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 09:16]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 05:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"nwiz"="nwiz.exe" [2007-12-05 01:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:54]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 11:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{405D94E0-0BB8-3084-1228-051107050002}"="C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
"C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsmax9_32"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"TapiSrv"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whAgent.exe"
"webHancer Survey Companion"="C:\Program Files\webHancer\Programs\whSurvey.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb6d65f-cb9d-11dc-ab70-0015f2ee21fe}]
AutoRun\command- G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf13ae2-13a5-11db-aacf-0015f2ee21fe}]
AutoRun\command- G:\CojLauncher.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 preymaster.humanhead.com


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 2047.48 MiB / 1625.86 MiB
Pagefile Memory (total/avail): 3939.87 MiB / 3672.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.17 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 79.17 GiB total, 32.01 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 27.9 GiB free.
E: is Fixed (NTFS) - 111.78 GiB total, 22.77 GiB free.
F: is CDROM (No Media)
G: is CDROM (CDFS)
H: is CDROM (No Media)
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1604N - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 79.17 GiB - C:
\PARTITION1 - Étendu avec Inter. 13 étendue - 48.83 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD1200JB-00DUA3 - 111.79 GiB - 1 partition
\PARTITION0 - Étendu avec Inter. 13 étendue - 111.78 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Documents and Settings\\2Late\\Bureau\\utorrent.exe"="C:\\Documents and Settings\\2Late\\Bureau\\utorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\2Late\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=2LATE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\2Late
LOGONSERVER=\\2LATE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\2Late\LOCALS~1\Temp
TMP=C:\DOCUME~1\2Late\LOCALS~1\Temp
USERDOMAIN=2LATE
USERNAME=2Late
USERPROFILE=C:\Documents and Settings\2Late
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

2Late (admin)
Administrateur (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy2ZS\Program\SETUP.EXE" /S /U /W /L:FRN
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\Setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c /remove
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x40c /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dsmax ancillary install --> MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AGEIA PhysX v7.05.17 --> MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
ArcSoft Multimedia Email --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.EXE" -l0x40c -uninst
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x40c
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x040c -removeonly
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Creative Audio Console --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x40c /remove
Creative System Information --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x40c /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x40c /remove
Creative WebCam Instant Driver (1.01.02.0729) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CureROM Pro 2.0.3.3 --> C:\Program Files\CureROM\uninst.exe
Dream Girls Tetris --> MsiExec.exe /I{EFD7965A-33FF-4F2E-BA7F-4B94A75B817A}
FBX Plugin 2006.08 for Max 9.0 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
FotoSketcher 1.3 --> "C:\Program Files\FotoSketcher\unins000.exe"
Fraps (remove only) --> "C:\Program Files\Fraps\uninstall.exe"
FUJIFILM FinePixViewer S Ver.2.1 --> C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperSnap-DX 5 --> C:\Program Files\HyperSnap-DX 5\HprUnInst.exe
Icons --> C:\WINDOWS\system32\uninstIcn.exe
IndustryPlayer 5 --> C:\PROGRA~1\INDUST~1\UNWISE.EXE C:\PROGRA~1\INDUST~1\INSTALL.LOG
Installer Yahoo! Messenger --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x40c /remove
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.1_07 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA532E73-1BB7-11D8-9D6A-00010240CE95}\Setup.exe"
Java 2 SDK, SE v1.4.1_07 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE303AFF-1BBB-11D8-9D6A-00010240CE95}\setup.exe" Anytext
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java Web Start --> "C:\Program Files\Java\jre1.5.0_06\bin\uninst-javaws.exe"
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
K-Lite Codec Pack 2.73 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
K-Lite v2.7.2 --> "C:\Program Files\K-Lite\unins000.exe"
Kaput Version 4 --> "C:\Program Files\Kaput\unins000.exe"
LimeWire PRO 4.13.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Contribute 3 --> MsiExec.exe /I{4DA99032-B859-44BF-A4E6-0AF999E6A0FB}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager --> MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Manuel d'utilisation de Creative WebCam Instant (Français) --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Manuel d'utilisation de Creative WebCam Instant\French\CTManual.isu"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Monopoly --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20FA8AEE-E785-4F79-98EB-2067A8F395F4}\setup.exe" -l0x9
Motorola Driver Installation --> MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x40c -removeonly
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{692854CC-97EF-4307-B787-8C6787B91033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PC Probe II --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Poser 7 --> C:\WINDOWS\unvise32.exe C:\Program Files\e frontier\Poser 7\uninstal.log
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Sonic Foundry Sound Forge 6.0e --> MsiExec.exe /I{B3DE6A9E-1FD0-4208-92F4-EC9004E34774}
Sonic Foundry Vegas 4.0 --> MsiExec.exe /I{AACDE433-670D-429B-B90B-A177AFAFD610}
SonicStage 3.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x40c UNINSTALL -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TorrenTopia Client --> C:\PROGRA~1\TORREN~1\UNWISE.EXE C:\PROGRA~1\TORREN~1\INSTALL.LOG
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordBiz version 1.8 --> "C:\Program Files\WordBiz\unins000.exe"
Xbox 360 Controller for Windows --> "C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
xp-AntiSpy 3.96-2 --> C:\Program Files\xp-AntiSpy\Uninstall.exe
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type76 / Success
Event Submitted/Written: 02/02/2008 02:21:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type71 / Error
Event Submitted/Written: 02/01/2008 02:32:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée FinePixViewerS.exe, version 2.1.0.2, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Event Record #/Type70 / Error
Event Submitted/Written: 02/01/2008 02:31:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée FinePixViewerS.exe, version 2.1.0.2, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Event Record #/Type63 / Error
Event Submitted/Written: 02/01/2008 01:57:09 PM
Event ID/Source: 1512 / Userenv
Event Description:
Windows ne peut pas décharger votre fichier Registre. La mémoire utilisée par le Registre n'a pas été libérée. Cela est souvent dû à des services qui s'exécutent sous un compte d'utilisateur ; essayez de configurer les services pour qu'ils s'exécutent sous le compte LocalService ou NetworkService. Si ce problème persiste, contactez votre administrateur.


DÉTAIL - Ressources système insuffisantes pour terminer le service demandé.

Event Record #/Type50 / Error
Event Submitted/Written: 01/31/2008 00:48:01 PM
Event ID/Source: 1512 / Userenv
Event Description:
Windows ne peut pas décharger votre fichier Registre. La mémoire utilisée par le Registre n'a pas été libérée. Cela est souvent dû à des services qui s'exécutent sous un compte d'utilisateur ; essayez de configurer les services pour qu'ils s'exécutent sous le compte LocalService ou NetworkService. Si ce problème persiste, contactez votre administrateur.


DÉTAIL - Ressources système insuffisantes pour terminer le service demandé.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13646 / Warning
Event Submitted/Written: 02/05/2008 00:07:07 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0015F2EE21FE. Il s'est
produit l'erreur suivante :
%%1223.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type13643 / Warning
Event Submitted/Written: 02/04/2008 10:09:12 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0015F2EE21FE. Il s'est
produit l'erreur suivante :
%%1223.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type13642 / Error
Event Submitted/Written: 02/03/2008 11:19:41 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service MDM avec les arguments ""
pour démarrer le serveur :
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type13641 / Error
Event Submitted/Written: 02/03/2008 11:19:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service MDM avec les arguments ""
pour démarrer le serveur :
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type13640 / Error
Event Submitted/Written: 02/03/2008 11:19:32 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service MDM avec les arguments ""
pour démarrer le serveur :
{0C0A3666-30C9-11D0-8F20-00805F2CD064}



-- End of Deckard's System Scanner: finished at 2008-02-04 12:16:31 ------------

  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.




Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#5
2Late4U2Run

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I did what you asked; here are the 2 logs:

ComboFix 08-02.03.1 - 2Late 2008-02-04 13:48:16.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1591 [GMT -5:00]
Endroit: C:\Documents and Settings\2Late\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-04 12:13 . 2008-02-04 12:13 <REP> d-------- C:\Deckard
2008-02-01 13:56 . 2008-02-01 13:56 <REP> d-------- C:\_OTMoveIt
2008-01-29 10:41 . 2008-02-03 23:19 <REP> d-------- C:\Program Files\industryplayer
2008-01-29 10:41 . 2006-06-29 21:53 1,593,344 --a------ C:\WINDOWS\system32\ActiveMySQLSE.ocx
2008-01-29 10:41 . 2003-12-14 12:47 692,224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll
2008-01-29 10:41 . 2007-05-12 18:12 688,416 --a------ C:\WINDOWS\system32\wodHttp.dll
2008-01-29 10:41 . 2000-05-21 20:00 244,416 --a------ C:\WINDOWS\system32\MsFlxGrd.ocx
2008-01-29 10:41 . 2004-04-18 08:19 188,416 --a------ C:\WINDOWS\system32\ciaXPButton20.ocx
2008-01-29 10:41 . 2000-05-21 20:00 140,488 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-01-29 10:41 . 2002-07-25 04:08 65,536 --a------ C:\WINDOWS\system32\cpvSlider.ocx
2008-01-29 10:41 . 2003-12-12 13:41 53,248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll
2008-01-29 10:41 . 2003-02-23 20:45 40,960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.dll
2008-01-27 19:47 . 2008-01-27 19:47 <REP> d-------- C:\Program Files\Dream Girls Tetris
2008-01-27 19:29 . 2008-01-27 19:29 <REP> d-------- C:\Documents and Settings\2Late\Application Data\Thinstall
2008-01-25 19:05 . 2008-01-25 19:05 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-25 19:05 . 2008-01-25 19:05 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-25 19:03 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-25 19:03 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-25 19:03 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-25 19:03 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-25 19:03 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-25 19:03 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-25 19:03 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-25 19:03 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-25 18:43 . 2008-01-27 01:40 <REP> d-------- C:\Program Files\The Witcher
2008-01-25 18:32 . 2008-01-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-25 18:32 . 2008-01-25 18:32 <REP> d-------- C:\Documents and Settings\2Late\Application Data\DAEMON Tools Pro
2008-01-25 18:30 . 2008-01-25 18:40 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-22 19:01 . 2008-01-31 11:15 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\Documents and Settings\2Late\Application Data\SUPERAntiSpyware.com
2008-01-22 13:28 . 2008-01-22 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 13:28 . 2008-01-22 13:28 <REP> d-------- C:\Documents and Settings\2Late\Application Data\Grisoft
2008-01-22 13:28 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 13:23 . 2008-01-22 13:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-18 17:25 . 2008-01-18 17:25 <REP> d-------- C:\WINDOWS\system32\xircom
2008-01-18 17:25 . 2008-01-18 17:25 <REP> d-------- C:\Program Files\microsoft frontpage
2008-01-18 16:40 . 2008-01-18 16:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-18 13:20 . 2008-01-18 13:20 <REP> d-------- C:\Program Files\Sun
2008-01-18 13:20 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-18 11:37 . 1999-12-13 01:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-18 11:37 . 1999-11-18 01:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-18 11:24 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-01-17 21:59 . 19,584 C:\WINDOWS\system32\drivers\eebxcyus.dat
2008-01-17 21:58 . 2004-08-03 18:54 84,992 --a------ C:\WINDOWS\system32\bthser.dll
2008-01-13 11:26 . 2008-01-13 11:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 11:26 . 2008-01-13 11:26 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 16:23 --------- d-----w C:\Program Files\PokerStars
2008-02-03 18:15 --------- d-----w C:\Documents and Settings\2Late\Application Data\uTorrent
2008-01-27 06:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 05:21 --------- d-----w C:\Documents and Settings\2Late\Application Data\LimeWire
2008-01-25 23:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-24 19:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-23 00:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 22:05 --------- d-----w C:\Program Files\TClock
2008-01-18 18:20 --------- d-----w C:\Program Files\Java
2008-01-18 16:23 --------- d-----w C:\Program Files\Creative
2008-01-18 02:55 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-01-18 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-03 15:49 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-03 15:49 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-03 03:51 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-03 03:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 03:43 --------- d-----w C:\Program Files\FotoSketcher
2007-12-31 14:53 --------- d-s---w C:\Program Files\Xfire
2007-12-31 02:41 --------- d-----w C:\Documents and Settings\2Late\Application Data\Xfire
2007-12-05 07:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 06:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 06:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 06:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 06:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 06:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 06:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 06:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 06:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 06:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 06:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 06:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 06:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 06:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 06:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 06:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 06:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 06:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 06:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 06:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 06:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-12-05 06:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-12-05 06:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-12-05 06:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-12-05 06:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-12-05 06:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-12-05 06:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-12-05 06:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-12-05 06:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 06:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-12-05 06:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-12-05 06:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-12-05 06:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-12-05 06:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-12-05 06:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-12-05 06:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-12-05 06:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-12-05 06:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-12-05 06:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-12-05 06:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-12-05 06:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-12-05 06:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-12-05 06:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-12-05 06:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-12-05 06:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-12-05 06:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-12-05 06:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-12-05 06:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-12-05 06:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-12-05 06:41 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-12-05 06:41 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-12-05 06:41 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-12-05 06:41 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-12-05 06:41 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-12-05 06:41 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-12-05 06:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 06:41 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-12-05 06:41 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-12-05 06:41 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 06:41 2,519,040 ----a-w C:\WINDOWS\system32\nvwssr.dll
2007-12-05 06:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
.

((((((((((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861D2EB-E147-4F53-AEB9-ADCDD796DC7D}]
2004-08-03 18:54 84992 --a------ C:\WINDOWS\system32\bthser.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:54 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 11:00 135168]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [ ]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 17:05 734264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-26 17:36 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 09:16 86016]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 05:03 221184]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 16:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 16:54 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 16:37 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{405D94E0-0BB8-3084-1228-051107050002}"= "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 12:32 94208 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 05:03 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2003-06-12 08:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 19:58 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsmax9_32"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"TapiSrv"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whAgent.exe"
"webHancer Survey Companion"="C:\Program Files\webHancer\Programs\whSurvey.exe"

R0 xkvnmylz;xkvnmylz;C:\WINDOWS\system32\drivers\eebxcyus.dat []
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-09-27 11:49]
S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys []
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf13ae2-13a5-11db-aacf-0015f2ee21fe}]
\Shell\AutoRun\command - G:\CojLauncher.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 13:50:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-04 13:51:16
ComboFix2.txt 2008-02-01 18:52:23
ComboFix3.txt 2008-01-23 03:41:30


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7195 bytes

#6
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\drivers\eebxcyus.dat
C:\WINDOWS\system32\bthser.dll
G:\CojLauncher.exe

Folder::
C:\Program Files\webHancer

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"webHancer Agent"=-
"webHancer Survey Companion"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bf13ae2-13a5-11db-aacf-0015f2ee21fe}]

Driver::
xkvnmylz


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Also post a new HijackThis log
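The entries the CFScript above targets (an unnamed BHO registered from system32, a boot-start "driver" whose image is a .dat under drivers\, an AutoRun handler under mountpoints2) are the shapes a log reader looks for first. As an added example that is not part of this thread and not a tool the helpers use, here is a small Python script that applies narrow heuristics of that kind to lines copied from the HijackThis and ComboFix logs posted above. The rules are the editor's own, not HijackThis or ComboFix logic; a hit means "look this entry up", not "delete it".

```python
"""Triage a HijackThis / ComboFix log excerpt for the entry types a removal
helper acts on first (BHOs, drivers, AutoRun handlers, autostart keys).

Added example for this thread, not a tool from the original post. The rules
are the editor's own narrow heuristics; a hit means "look this entry up",
not "delete it"."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis and ComboFix logs posted
# above, trimmed to the entries of interest.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F861D2EB-E147-4F53-AEB9-ADCDD796DC7D} - C:\WINDOWS\system32\bthser.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.line6.net
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
R0 xkvnmylz;xkvnmylz;C:\WINDOWS\system32\drivers\eebxcyus.dat []
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-09-27 11:49]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
\Shell\AutoRun\command - G:\CojLauncher.exe
"""

# HijackThis O2 / O4 / O23 lines and ComboFix driver/service lines.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
DRV_RE = re.compile(r"^(?P<start>[RS]\d) (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.+?) \[(?P<stamp>[^\]]*)\]$")


@dataclass
class Finding:
    severity: str  # "high" or "review"
    line: str
    reason: str


def under_windows(path: str) -> bool:
    """True when the path is anywhere under the Windows directory."""
    return path.strip('"').lower().startswith("c:\\windows\\")


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BHO_RE.match(line):
            # Legitimate BHOs usually carry a name and live under Program Files;
            # an unnamed one registered from the Windows tree is the hijacker shape.
            if m["name"] == "(no name)" and under_windows(m["path"]):
                findings.append(Finding("high", line, f"unnamed BHO {{{m['clsid']}}} loaded from {m['path']}"))
        elif m := O4_RE.match(line):
            # Policies\Explorer\Run is an autostart location few installers use.
            if "policies" in m["key"].lower():
                findings.append(Finding("review", line, "autostart through a Policies\\Explorer\\Run key"))
        elif line.startswith("O6 - ") and line.endswith("Restrictions present"):
            findings.append(Finding("review", line, "Internet Explorer policy restrictions are set"))
        elif line.startswith("O15 - Trusted Zone:"):
            findings.append(Finding("review", line, "site added to the IE Trusted Zone"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner" and under_windows(m["path"]):
                findings.append(Finding("review", line, f"service with no publisher info runs from {m['path']}"))
        elif m := DRV_RE.match(line):
            # A kernel driver image that is not a .sys, with no file timestamp,
            # is the pattern behind the xkvnmylz entry; R0 means boot start.
            path = m["path"].lower()
            if "\\drivers\\" in path and not path.endswith(".sys"):
                sev = "high" if m["start"] == "R0" else "review"
                why = f"driver image is not a .sys file: {m['path']}"
                if not m["stamp"]:
                    why += " (no file timestamp recorded)"
                findings.append(Finding(sev, line, why))
        elif line.startswith("\\Shell\\AutoRun\\command - "):
            findings.append(Finding("review", line, "AutoRun handler registered for a drive letter"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run against the sample it reports two "high" findings, the bthser.dll BHO and the eebxcyus.dat driver, and leaves the Spybot SDHelper entry alone even though it is also "(no name)", because it lives under Program Files. Everything else (the Policies\Explorer\Run entry, the IE restrictions, the Trusted Zone site, the LicCtrl service, the AutoRun handler) is only marked for review; the script has no way to tell a licensing service from a dropper, so a human still has to look each one up.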

#7
2Late4U2Run (New Member, Topic Starter, 9 posts)
OK... without any deep investigation, I can say that it seems to have disappeared. My AVG didn't alert me when I came here to reply, and it always did before. So anyway, here are my logs:

ComboFix 08-02.03.1 - 2Late 2008-02-04 15:19:18.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1564 [GMT -5:00]
Location: C:\Documents and Settings\2Late\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\2Late\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE
C:\WINDOWS\system32\bthser.dll
C:\WINDOWS\system32\drivers\eebxcyus.dat
G:\CojLauncher.exe
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bthser.dll
C:\WINDOWS\system32\drivers\eebxcyus.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_XKVNMYLZ
-------\xkvnmylz


((((((((((((((((((((((((((((( Files created 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-04 12:13 . 2008-02-04 12:13 <REP> d-------- C:\Deckard
2008-02-01 13:56 . 2008-02-01 13:56 <REP> d-------- C:\_OTMoveIt
2008-01-29 10:41 . 2008-02-03 23:19 <REP> d-------- C:\Program Files\industryplayer
2008-01-29 10:41 . 2006-06-29 21:53 1,593,344 --a------ C:\WINDOWS\system32\ActiveMySQLSE.ocx
2008-01-29 10:41 . 2003-12-14 12:47 692,224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll
2008-01-29 10:41 . 2007-05-12 18:12 688,416 --a------ C:\WINDOWS\system32\wodHttp.dll
2008-01-29 10:41 . 2000-05-21 20:00 244,416 --a------ C:\WINDOWS\system32\MsFlxGrd.ocx
2008-01-29 10:41 . 2004-04-18 08:19 188,416 --a------ C:\WINDOWS\system32\ciaXPButton20.ocx
2008-01-29 10:41 . 2000-05-21 20:00 140,488 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-01-29 10:41 . 2002-07-25 04:08 65,536 --a------ C:\WINDOWS\system32\cpvSlider.ocx
2008-01-29 10:41 . 2003-12-12 13:41 53,248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll
2008-01-29 10:41 . 2003-02-23 20:45 40,960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.dll
2008-01-27 19:47 . 2008-01-27 19:47 <REP> d-------- C:\Program Files\Dream Girls Tetris
2008-01-27 19:29 . 2008-01-27 19:29 <REP> d-------- C:\Documents and Settings\2Late\Application Data\Thinstall
2008-01-25 19:05 . 2008-01-25 19:05 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-25 19:05 . 2008-01-25 19:05 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-25 19:03 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-25 19:03 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-25 19:03 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-25 19:03 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-25 19:03 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-25 19:03 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-25 19:03 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-25 19:03 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-25 18:43 . 2008-01-27 01:40 <REP> d-------- C:\Program Files\The Witcher
2008-01-25 18:32 . 2008-01-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-25 18:32 . 2008-01-25 18:32 <REP> d-------- C:\Documents and Settings\2Late\Application Data\DAEMON Tools Pro
2008-01-25 18:30 . 2008-01-25 18:40 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-22 19:01 . 2008-01-31 11:15 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\Documents and Settings\2Late\Application Data\SUPERAntiSpyware.com
2008-01-22 13:28 . 2008-01-22 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 13:28 . 2008-01-22 13:28 <REP> d-------- C:\Documents and Settings\2Late\Application Data\Grisoft
2008-01-22 13:28 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 13:23 . 2008-01-22 13:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-18 17:25 . 2008-01-18 17:25 <REP> d-------- C:\WINDOWS\system32\xircom
2008-01-18 17:25 . 2008-01-18 17:25 <REP> d-------- C:\Program Files\microsoft frontpage
2008-01-18 16:40 . 2008-01-18 16:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-18 13:20 . 2008-01-18 13:20 <REP> d-------- C:\Program Files\Sun
2008-01-18 13:20 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-18 11:37 . 1999-12-13 01:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-18 11:37 . 1999-11-18 01:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-18 11:24 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-01-13 11:26 . 2008-01-13 11:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 11:26 . 2008-01-13 11:26 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 20:02 --------- d-----w C:\Program Files\PokerStars
2008-02-03 18:15 --------- d-----w C:\Documents and Settings\2Late\Application Data\uTorrent
2008-01-27 06:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 05:21 --------- d-----w C:\Documents and Settings\2Late\Application Data\LimeWire
2008-01-25 23:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-23 00:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 22:05 --------- d-----w C:\Program Files\TClock
2008-01-18 18:20 --------- d-----w C:\Program Files\Java
2008-01-18 16:23 --------- d-----w C:\Program Files\Creative
2008-01-18 02:55 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-01-18 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-03 03:51 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-03 03:43 --------- d-----w C:\Program Files\FotoSketcher
2007-12-31 14:53 --------- d-s---w C:\Program Files\Xfire
2007-12-31 02:41 --------- d-----w C:\Documents and Settings\2Late\Application Data\Xfire
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-11-18 13:40 22,328 ----a-w C:\Documents and Settings\2Late\Application Data\PnkBstrK.sys
2007-05-07 23:02 92,064 ----a-w C:\Documents and Settings\2Late\mqdmmdm.sys
2007-05-07 23:02 9,232 ----a-w C:\Documents and Settings\2Late\mqdmmdfl.sys
2007-05-07 23:02 79,328 ----a-w C:\Documents and Settings\2Late\mqdmserd.sys
2007-05-07 23:02 66,656 ----a-w C:\Documents and Settings\2Late\mqdmbus.sys
2007-05-07 23:02 6,208 ----a-w C:\Documents and Settings\2Late\mqdmcmnt.sys
2007-05-07 23:02 5,936 ----a-w C:\Documents and Settings\2Late\mqdmwhnt.sys
2007-05-07 23:02 4,048 ----a-w C:\Documents and Settings\2Late\mqdmcr.sys
2007-05-07 23:02 25,600 ----a-w C:\Documents and Settings\2Late\usbsermptxp.sys
2007-05-07 23:02 22,768 ----a-w C:\Documents and Settings\2Late\usbsermpt.sys
2006-11-05 20:46 1 ----a-w C:\Documents and Settings\2Late\SI.bin
2006-07-24 22:59 0 ----a-w C:\Documents and Settings\2Late\Application Data\internaldb41.dat
.

((((((((((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:54 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 11:00 135168]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [ ]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 17:05 734264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-26 17:36 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 09:16 86016]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 05:03 221184]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 16:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="cmd.exe" [2004-08-03 16:54 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 16:37 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{405D94E0-0BB8-3084-1228-051107050002}"= "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 12:32 94208 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 05:03 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2003-06-12 08:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 19:58 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsmax9_32"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"TapiSrv"=2 (0x2)
"NVSvc"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-09-27 11:49]
S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys []
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb6d65f-cb9d-11dc-ab70-0015f2ee21fe}]
\Shell\AutoRun\command - G:\autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 15:22:34
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2008-02-04 15:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 20:25:48
ComboFix2.txt 2008-02-04 18:51:16
ComboFix3.txt 2008-02-01 18:52:23
ComboFix4.txt 2008-01-23 03:41:30


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7222 bytes

#8
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Repeat that for this file

C:\windows\System32\syssetub.dll

#9
2Late4U2Run
    New Member
  • Topic Starter
  • Member
  • 9 posts
Hmmm, I can't find any of those files myself, and neither does the website when I copy/paste the file path... What am I doing wrong?

#10
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Do this instead

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\windows\System32\syssetub.dll

Folder::
C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{405D94E0-0BB8-3084-1228-051107050002}"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.line6.net


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Reboot and post a new HijackThis log and tell me how your PC is running
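The post above does two things by hand: it reads the HijackThis O4/O6/O15 lines for the signs that mark an entry as hostile (a program in a GUID-named folder under Common Files, an autorun hidden in Policies\Explorer\Run, a RunOnce in the SYSTEM/LOCAL SERVICE/NETWORK SERVICE/.DEFAULT hives that uses cmd.exe to move a staged syssetub.dll over the real syssetup.dll, IE restrictions and a Trusted Zone entry), and it writes a CFScript in ComboFix's File::/Folder::/Registry:: form to remove them. The Python below is an added example for this thread, not code from the original post, from HijackThis or from ComboFix: it applies those same checks to the log lines and emits the matching CFScript. The sample lines are copied from the HijackThis log posted earlier in the thread; the heuristics, the SERVICE_HIVE_BASELINE list and the expansion of %SystemRoot% to C:\WINDOWS are this example's own assumptions.

```python
"""HijackThis O4/O6/O15 triage and CFScript generation.

Added example for this thread; not part of the original post, HijackThis or
ComboFix. The detection rules are this example's assumptions about what looks
wrong in a startup entry; the CFScript syntax (File::, Folder::, Registry::
with "name"=-) is the one the helper used above.
"""
import re

# Sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [{405D94E0-0BB8-3084-1228-051107050002}] "C:\Program Files\Fichiers communs\{405D94E0-0BB8-3084-1228-051107050002}\Update.exe" mc-110-12-0000103
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.line6.net
""".strip().splitlines()

# One HijackThis O4 line: hive, optional HKUS SID, Run/RunOnce/Policies key, value name, command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\"
    r"(?P<key>Policies\\Explorer\\Run|RunOnce|Run): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# A drive path up to and including a GUID-named directory, e.g. C:\...\{GUID}
GUID_FOLDER_RE = re.compile(r'([A-Za-z]:\\(?:[^"\\]+\\)*?' + GUID + r")")
# Source operand of a quoted "move [/switches] "src" "dst"" command.
MOVE_SRC_RE = re.compile(r'\bmove\b(?:\s+/\w+)*\s+"([^"]+)"', re.I)

SERVICE_HIVES = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}
# Binaries XP itself registers under the service-account hives (assumption of this
# example; extend it from a known-clean machine of the same build).
SERVICE_HIVE_BASELINE = ("ctfmon.exe", "tscupgrd.exe")
# %SystemRoot% is expanded to the path the log itself shows (assumption: C:\WINDOWS).
ENV = {"%systemroot%": r"C:\WINDOWS"}


def expand_env(path):
    """Expand the variables in ENV, case-insensitively, without touching backslashes."""
    for var, value in ENV.items():
        path = re.sub(re.escape(var), lambda _m: value, path, flags=re.I)
    return path


def triage_line(line):
    """Return a list of (reason, line) findings for one HijackThis line; [] if it looks normal."""
    line = line.strip()
    findings = []
    if line.startswith("O6 - ") and line.endswith("Restrictions present"):
        findings.append(("IE restriction policy set (locks IE settings)", line))
    if line.startswith("O15 - Trusted Zone:"):
        findings.append(("site added to the IE Trusted Zone", line))
    m = O4_RE.match(line)
    if not m:
        return findings
    key, cmd, sid = m.group("key"), m.group("cmd"), m.group("sid")
    if key == "Policies\\Explorer\\Run":
        findings.append(("autorun via Policies\\Explorer\\Run, a key normal software rarely uses", line))
    if re.search(GUID, cmd):
        findings.append(("program runs from a GUID-named folder", line))
    if sid in SERVICE_HIVES and not cmd.lower().endswith(SERVICE_HIVE_BASELINE):
        findings.append(("unexpected entry in a service-account hive", line))
    if re.search(r"\bcmd(?:\.exe)?\b.*\b(?:move|copy|ren|del)\b", cmd, re.I):
        findings.append(("logon-time shell command that moves/renames a file", line))
    return findings


def triage(lines):
    """Triage a whole log; returns every (reason, line) finding in log order."""
    return [f for line in lines for f in triage_line(line)]


def build_cfscript(lines):
    """Build a CFScript (File::/Folder::/Registry::) that removes what triage flagged."""
    files, folders, stanzas = [], [], []
    for line in lines:
        if not triage_line(line):
            continue
        m = O4_RE.match(line.strip())
        if not m:
            continue  # O6/O15 lines are fixed in HijackThis itself, not via CFScript
        hive, sid, key, name, cmd = (m.group(g) for g in ("hive", "sid", "key", "name", "cmd"))
        src = MOVE_SRC_RE.search(cmd)
        if src:  # delete the staged copy (move source), never the real system file it targets
            files.append(expand_env(src.group(1)))
        folders.extend(GUID_FOLDER_RE.findall(cmd))
        root = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}.get(hive, f"HKEY_USERS\\{sid}")
        stanzas.append(f'[{root}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}]\n"{name}"=-')
    out = []
    if files:
        out.append("File::\n" + "\n".join(dict.fromkeys(files)))
    if folders:
        out.append("Folder::\n" + "\n".join(dict.fromkeys(folders)))
    if stanzas:
        out.append("Registry::\n" + "\n\n".join(dict.fromkeys(stanzas)))
    return "\n\n".join(out) + "\n"


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
    print()
    print(build_cfscript(SAMPLE_LOG))
```

Run as-is, it prints eight findings and a CFScript with the same three parts the helper wrote: File:: for C:\WINDOWS\System32\syssetub.dll, Folder:: for the GUID directory under Fichiers communs, and one "name"=- stanza per flagged Run/RunOnce value (the two nlsf entries land in separate HKEY_USERS\<SID> stanzas, the duplicate File:: line is collapsed). Two design points worth keeping when adapting it: File:: takes the source of the move and never its destination, because the destination (syssetup.dll) is the legitimate system DLL the malware was about to overwrite; and the service-hive rule is a baseline comparison, which is why the tscupgrd.exe RunOnce that XP leaves behind in the later log is not flagged.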


#11
2Late4U2Run
    New Member
  • Topic Starter
  • Member
  • 9 posts
OK, so here is the HijackThis log; tell me if it seems to be OK. I think it's OK now, but just to be sure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [PRONoMgrWired] "C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescamp...GamesCampus.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 6591 bytes

#12
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Can you post the ComboFix and SUPERAntiSpyware logs

#13
2Late4U2Run
    New Member
  • Topic Starter
  • Member
  • 9 posts
Oops, really sorry :)

ComboFix 08-02.03.1 - 2Late 2008-02-04 18:06:38.9 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1641 [GMT -5:00]
Location: C:\Documents and Settings\2Late\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

((((((((((((((((((((((((((((( Files created 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))))))))
.

2008-02-04 12:13 . 2008-02-04 12:13 <REP> d-------- C:\Deckard
2008-02-01 13:56 . 2008-02-01 13:56 <REP> d-------- C:\_OTMoveIt
2008-01-29 10:41 . 2008-02-03 23:19 <REP> d-------- C:\Program Files\industryplayer
2008-01-29 10:41 . 2006-06-29 21:53 1,593,344 --a------ C:\WINDOWS\system32\ActiveMySQLSE.ocx
2008-01-29 10:41 . 2003-12-14 12:47 692,224 --a------ C:\WINDOWS\system32\ciaResSvr20.dll
2008-01-29 10:41 . 2007-05-12 18:12 688,416 --a------ C:\WINDOWS\system32\wodHttp.dll
2008-01-29 10:41 . 2000-05-21 20:00 244,416 --a------ C:\WINDOWS\system32\MsFlxGrd.ocx
2008-01-29 10:41 . 2004-04-18 08:19 188,416 --a------ C:\WINDOWS\system32\ciaXPButton20.ocx
2008-01-29 10:41 . 2000-05-21 20:00 140,488 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-01-29 10:41 . 2002-07-25 04:08 65,536 --a------ C:\WINDOWS\system32\cpvSlider.ocx
2008-01-29 10:41 . 2003-12-12 13:41 53,248 --a------ C:\WINDOWS\system32\ciaXPRegSvr20.dll
2008-01-29 10:41 . 2003-02-23 20:45 40,960 --a------ C:\WINDOWS\system32\ciaSubClsSvr.dll
2008-01-27 19:47 . 2008-01-27 19:47 <REP> d-------- C:\Program Files\Dream Girls Tetris
2008-01-27 19:29 . 2008-01-27 19:29 <REP> d-------- C:\Documents and Settings\2Late\Application Data\Thinstall
2008-01-25 19:05 . 2008-01-25 19:05 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-25 19:05 . 2008-01-25 19:05 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-25 19:03 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-25 19:03 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-25 19:03 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-25 19:03 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-01-25 19:03 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-01-25 19:03 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-25 19:03 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-01-25 19:03 . 2007-07-20 00:54 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-01-25 18:43 . 2008-01-27 01:40 <REP> d-------- C:\Program Files\The Witcher
2008-01-25 18:32 . 2008-01-25 18:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-01-25 18:32 . 2008-01-25 18:32 <REP> d-------- C:\Documents and Settings\2Late\Application Data\DAEMON Tools Pro
2008-01-25 18:30 . 2008-01-25 18:40 <REP> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-22 19:01 . 2008-02-04 18:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-22 19:01 . 2008-01-22 19:01 <REP> d-------- C:\Documents and Settings\2Late\Application Data\SUPERAntiSpyware.com
2008-01-22 13:28 . 2008-01-22 13:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-22 13:28 . 2008-01-22 13:28 <REP> d-------- C:\Documents and Settings\2Late\Application Data\Grisoft
2008-01-22 13:28 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 13:23 . 2008-01-22 13:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-18 17:25 . 2008-01-18 17:25 <REP> d-------- C:\WINDOWS\system32\xircom
2008-01-18 17:25 . 2008-01-18 17:25 <REP> d-------- C:\Program Files\microsoft frontpage
2008-01-18 16:40 . 2008-01-18 16:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-18 13:20 . 2008-01-18 13:20 <REP> d-------- C:\Program Files\Sun
2008-01-18 13:20 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-18 11:37 . 1999-12-13 01:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2008-01-18 11:37 . 1999-11-18 01:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2008-01-18 11:24 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-01-13 11:26 . 2008-01-13 11:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 11:26 . 2008-01-13 11:26 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 20:02 --------- d-----w C:\Program Files\PokerStars
2008-02-03 18:15 --------- d-----w C:\Documents and Settings\2Late\Application Data\uTorrent
2008-01-27 06:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 05:21 --------- d-----w C:\Documents and Settings\2Late\Application Data\LimeWire
2008-01-25 23:27 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-24 19:03 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-01-23 00:00 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-18 22:05 --------- d-----w C:\Program Files\TClock
2008-01-18 18:20 --------- d-----w C:\Program Files\Java
2008-01-18 16:23 --------- d-----w C:\Program Files\Creative
2008-01-18 02:55 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-01-18 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-03 15:49 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-03 15:49 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-01-03 03:51 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-03 03:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-03 03:43 --------- d-----w C:\Program Files\FotoSketcher
2007-12-31 14:53 --------- d-s---w C:\Program Files\Xfire
2007-12-31 02:41 --------- d-----w C:\Documents and Settings\2Late\Application Data\Xfire
2007-12-05 07:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 06:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-12-05 06:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 06:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-12-05 06:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 06:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 06:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-12-05 06:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-12-05 06:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-12-05 06:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-12-05 06:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-12-05 06:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 06:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 06:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-12-05 06:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-12-05 06:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-12-05 06:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-12-05 06:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-12-05 06:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 06:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 06:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-12-05 06:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:54 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 11:00 135168]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [ ]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 17:05 734264]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-26 17:36 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 09:16 86016]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 05:03 221184]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 16:54 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 16:37 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 12:32 94208 C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-08-09 05:03 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a------ 2003-06-12 08:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 19:58 81920 C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsmax9_32"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)
"TapiSrv"=2 (0x2)
"NVSvc"=2 (0x2)

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2006-09-27 11:49]
S3 L6DP;L6DP;C:\WINDOWS\system32\Drivers\l6dp.sys []
S3 L6PODLV;PODxt Live Service;C:\WINDOWS\system32\Drivers\L6PODLV.sys []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 18:08:38
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-04 18:09:07
ComboFix-quarantined-files.txt 2008-02-04 23:08:59
ComboFix2.txt 2008-02-04 21:00:30
ComboFix3.txt 2008-02-04 20:25:51
ComboFix4.txt 2008-02-04 18:51:16
ComboFix5.txt 2008-02-01 18:52:23


SUPERAntiSpyware Scan Log
Generated 02/04/2008 at 05:18 PM

Application Version : 3.6.1000

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 01:10:49

Memory items scanned : 292
Memory threats detected : 0
Registry items scanned : 6874
Registry threats detected : 0
File items scanned : 91857
File threats detected : 30

Adware.Tracking Cookie

#14 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Your logs are clean! We need to do a few things.

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine, choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and script ActiveX controls not marked as safe") to "Disable".
  • Next click OK, then the Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
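
The HOSTS-file mechanism described in the post above (a name pointed at 127.0.0.1 never reaches the real site), as an added Python example that is not part of this thread or of the MVPS file: it parses a constructed HOSTS text, answers whether a name is blocked, and, as an extra check the post does not mention, lists entries that send a name somewhere other than the local machine, since a blocklist never needs those but a hijacker does. Hostnames and addresses are made up; 0.0.0.0 is accepted as a blocking address alongside 127.0.0.1 because many blocklists use it.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample HOSTS text (not the MVPS file): a stock localhost line,
# two MVPS-style blocking lines, and one entry of the kind a hijacker adds.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0   ad.example-tracker.invalid            # blocked: goes to the local box
127.0.0.1 banner.example-ads.invalid counter.example-ads.invalid
203.0.113.10 www.example-av-vendor.invalid      # redirected off-box: suspicious
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address HOSTS gives it.
    Handles '#' comments, blank lines, tabs or spaces, several names per line;
    the first mapping seen for a name wins, as the resolver does."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field: the resolver ignores the line
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def is_blocked(table: Dict[str, str], hostname: str) -> bool:
    """True when HOSTS sends the name to the local machine (127/8 or 0.0.0.0)."""
    addr = table.get(hostname.lower())
    if addr is None:
        return False  # not in HOSTS: a normal DNS lookup happens
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def suspicious_entries(table: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that send a name somewhere other than the local machine.
    A blocklist never needs these; malware diverting a search page or AV
    update site does. Assumed heuristic, not from the post."""
    return sorted((n, a) for n, a in table.items() if not is_blocked(table, n))
```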

#15 2Late4U2Run (Topic Starter, New Member, 9 posts)
Hey thx very much!!! Very appreciated. I'm impressed. I wish I could give you more but actually I can't, so please take this reward as well as all my gratitude. :)