Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32 - Delf - MZG


  • This topic is locked This topic is locked
14 replies to this topic

#1 NiceRabbit

NiceRabbit

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 05 December 2009 - 03:21 PM

Hello,

One of my computers got infected with the trojan Win32 - Delf - MZG and I am hesitating to format and reinstall Windows, avan though this would be a waste of time ...

Can anyone help there with a more targeted solution?

Below the HJT log and attached the OTL logs (while I was running Avast)

Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:55, on 05/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256463408859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6857 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 06 December 2009 - 10:17 AM

Hi again :(


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 07 December 2009 - 06:07 AM

Hello again, Tom :(

Please find below the GMER report.

Looking forward to hearing from you

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-07 12:00:49
Windows 5.1.2600 Service Pack 3
Running: tzkvfq5n.exe; Driver: C:\DOCUME~1\boris\LOCALS~1\Temp\uwldypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB69856B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6985574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6985A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB698514C]
SSDT spnn.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spnn.sys ZwEnumerateValueKey [0xF74F5032]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB698564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB698508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB69850F0]
SSDT spnn.sys ZwQueryKey [0xF74F510A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB698576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB698572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB69858AE]

INT 0x63 ? 8A313BF8
INT 0x63 ? 8A313BF8
INT 0x63 ? 8A313BF8
INT 0x63 ? 8A313BF8
INT 0x63 ? 89457BF8
INT 0x83 ? 8A388BF8
INT 0x83 ? 89457BF8
INT 0x83 ? 8A388BF8
INT 0x84 ? 89457BF8
INT 0xA4 ? 89457BF8
INT 0xA4 ? 89457BF8
INT 0xA4 ? 89457BF8
INT 0xA4 ? 89457BF8
INT 0xB4 ? 89457BF8

---- Kernel code sections - GMER 1.0.15 ----

? spnn.sys Le fichier spécifié est introuvable. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9753380, 0x34C81F, 0xE8000020]
.text USBPORT.SYS!DllUnload B97338AC 5 Bytes JMP 894571D8
.text a95ievh4.SYS B9351386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a95ievh4.SYS B93513AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a95ievh4.SYS B93513C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a95ievh4.SYS B93513C9 1 Byte [2E]
.text a95ievh4.SYS B93513C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 51981CE2 C:\Program Files\DVD Region+CSS Free\DVDShell.dll (DVD Region-Free Shell Module/Fengtao Software Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spnn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spnn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spnn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spnn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spnn.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74E6E9C] spnn.sys
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!KfAcquireSpinLock] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!READ_PORT_UCHAR] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!KeGetCurrentIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!KfRaiseIrql] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!KfLowerIrql] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!HalGetInterruptVector] 00C73445
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!HalTranslateBusAddress] 00000000
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!KeStallExecutionProcessor] 830C458B
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!KfReleaseSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 053C0D74
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!READ_PORT_USHORT] 57B80974
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 8B000000
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[HAL.dll!WRITE_PORT_UCHAR] 56C35DE5
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[WMILIB.SYS!WmiSystemControl] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a95ievh4.SYS[WMILIB.SYS!WmiCompleteRequest] 8D52FD55

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1124] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1124] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A3841F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 894561F8
Device \Driver\usbuhci \Device\USBPDO-1 894561F8
Device \Driver\usbuhci \Device\USBPDO-2 894561F8
Device \Driver\usbehci \Device\USBPDO-3 894341F8
Device \Driver\usbuhci \Device\USBPDO-4 894561F8
Device \Driver\PCI_PNP2242 \Device\00000048 spnn.sys
Device \Driver\PCI_PNP2242 \Device\00000048 spnn.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 894561F8
Device \Driver\usbuhci \Device\USBPDO-6 894561F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A3861F8
Device \Driver\usbehci \Device\USBPDO-7 894341F8
Device \Driver\Cdrom \Device\CdRom0 893A1500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A3861F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A3861F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e [F7849B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A3861F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A3861F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89154378
Device \Driver\NetBT \Device\NetbiosSmb 89154378
Device \Driver\sptd \Device\1549125992 spnn.sys

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 894561F8
Device \Driver\usbuhci \Device\USBFDO-1 894561F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 891BD500
Device \Driver\usbuhci \Device\USBFDO-2 894561F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 891BD500
Device \Driver\usbehci \Device\USBFDO-3 894341F8
Device \Driver\usbuhci \Device\USBFDO-4 894561F8
Device \Driver\Ftdisk \Device\FtControl 8A3861F8
Device \Driver\usbuhci \Device\USBFDO-5 894561F8
Device \Driver\usbuhci \Device\USBFDO-6 894561F8
Device \Driver\usbehci \Device\USBFDO-7 894341F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8A3851F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 8A3851F8
Device \Driver\a95ievh4 \Device\Scsi\a95ievh41 892F01F8
Device \FileSystem\Cdfs \Cdfs 89263500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x08 0xCD 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0x00 0xC6 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDA 0x08 0xCD 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x45 0x00 0xC6 0xD8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xDD 0xD8 0xB5 0x1F ...

---- EOF - GMER 1.0.15 ----

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 07 December 2009 - 02:19 PM

Hi,



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 08 December 2009 - 03:03 AM

Hello Tom,

Please find below the log of Combofix (renamed with your name for the occasion :( ) It removed 2 dll

Sorry my system is in French ...

Thanks

ComboFix 09-12-07.07 - boris 08/12/2009 8:54.1.4 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3327.2860 [GMT 1:00]
Lancé depuis: c:\documents and settings\boris\Bureau\Schrauber.exe
AV: avast! antivirus 4.8.1368 [VPS 091207-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-08 au 2009-12-08 ))))))))))))))))))))))))))))))))))))
.

2009-12-06 13:27 . 2009-12-06 13:27 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-06 13:00 . 2009-12-06 13:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-12-06 12:05 . 2009-11-17 09:17 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-06 12:04 . 2009-12-06 12:05 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-12-06 12:04 . 2009-12-06 12:04 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-06 11:53 . 2009-12-06 11:53 -------- d-----w- c:\program files\ProcessExplorer
2009-12-06 08:27 . 2009-12-06 08:27 -------- d-----w- c:\documents and settings\boris\Application Data\Malwarebytes
2009-12-06 08:27 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-06 08:27 . 2009-12-06 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-06 08:27 . 2009-12-06 08:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-06 08:27 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 20:06 . 2009-12-05 20:06 -------- d-----w- c:\program files\Trend Micro
2009-12-03 21:29 . 2009-12-03 21:29 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-01 23:13 . 2009-12-01 23:13 7278 ----a-r- c:\documents and settings\boris\Application Data\Microsoft\Installer\{57512081-5660-4A8F-9ACD-1574CE11F7BA}\_bb32ea6.exe
2009-12-01 23:13 . 2009-12-01 23:13 7278 ----a-r- c:\documents and settings\boris\Application Data\Microsoft\Installer\{57512081-5660-4A8F-9ACD-1574CE11F7BA}\_5af141bb.exe
2009-12-01 23:13 . 2009-12-01 23:13 7278 ----a-r- c:\documents and settings\boris\Application Data\Microsoft\Installer\{57512081-5660-4A8F-9ACD-1574CE11F7BA}\_26e91eb.exe
2009-12-01 23:13 . 2009-12-01 23:13 -------- d-----w- c:\program files\COMPACT
2009-11-29 21:06 . 2009-11-29 21:06 -------- d-----w- c:\documents and settings\boris\.VirtualBox
2009-11-29 20:50 . 2009-11-29 20:50 -------- d-----w- c:\documents and settings\boris\VirtualBox-backup
2009-11-20 10:16 . 2009-11-20 10:18 -------- d-----w- c:\documents and settings\All Users\AdobeTemp
2009-11-12 08:03 . 2009-11-12 08:03 -------- d-----w- c:\program files\MSXML 4.0
2009-11-12 08:03 . 2009-11-12 08:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-11 09:40 . 2009-11-11 09:41 -------- d-----w- c:\documents and settings\boris\Application Data\Canon
2009-11-11 09:39 . 2009-11-11 09:39 -------- d-----w- c:\program files\Canon
2009-11-11 09:29 . 2008-04-13 10:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-11 09:29 . 2008-04-13 10:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-11 09:29 . 2008-04-13 10:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-11 09:29 . 2008-04-13 10:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-11 09:29 . 2008-04-13 10:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-11 09:29 . 2008-04-13 10:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-11 09:20 . 2009-11-11 09:20 -------- d-----w- c:\windows\system32\DocucomRes6
2009-11-11 09:20 . 2009-11-11 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\zeon
2009-11-11 09:19 . 2009-11-11 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-11 09:19 . 2009-11-11 09:19 -------- d-----w- c:\documents and settings\boris\Application Data\ScanSoft
2009-11-11 09:19 . 2009-11-11 09:19 -------- d-----w- c:\program files\Fichiers communs\ScanSoft Shared
2009-11-11 09:19 . 2009-11-11 09:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-11-11 09:19 . 2009-11-11 09:20 -------- d-----w- c:\program files\ScanSoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-08 07:53 . 2008-04-14 12:00 84526 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-08 07:53 . 2008-04-14 12:00 510324 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-06 13:36 . 2009-10-25 11:34 -------- d-----w- c:\program files\WinSCP
2009-12-06 13:07 . 2009-10-25 10:06 -------- d-----w- c:\documents and settings\boris\Application Data\Skype
2009-12-06 13:07 . 2009-10-25 11:19 -------- d-----w- c:\documents and settings\boris\Application Data\vlc
2009-12-06 12:04 . 2009-10-24 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-12-06 11:47 . 2009-10-24 21:17 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-12-06 08:52 . 2009-10-24 20:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-06 08:51 . 2009-10-24 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-06 08:26 . 2009-10-24 20:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-06 08:26 . 2009-10-24 20:55 -------- d-----w- c:\program files\SpywareBlaster
2009-11-24 23:54 . 2009-10-24 20:14 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-24 20:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-24 20:14 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-24 20:14 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-24 20:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-24 20:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-17 09:12 . 2009-10-24 21:18 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-11 09:26 . 2009-10-24 21:22 27664 ----a-w- c:\documents and settings\boris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 09:19 . 2009-10-24 19:49 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-11-10 22:09 . 2009-10-25 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-09 12:29 . 2009-10-26 11:53 -------- d-----w- c:\documents and settings\boris\Application Data\FileZilla
2009-11-09 09:27 . 2009-10-26 11:53 -------- d-----w- c:\program files\FileZilla FTP Client
2009-10-26 16:14 . 2009-10-26 16:14 -------- d-----w- c:\program files\D-Link
2009-10-26 16:14 . 2009-10-24 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 16:13 . 2009-10-26 16:13 -------- d-----w- c:\documents and settings\boris\Application Data\InstallShield
2009-10-26 16:11 . 2009-10-24 18:51 76507 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 11:30 . 2009-10-26 11:30 -------- d-----w- c:\program files\IrfanView
2009-10-25 15:06 . 2009-10-25 15:06 -------- d-----w- c:\program files\Symantec
2009-10-25 14:24 . 2009-10-25 14:24 -------- d-----w- c:\program files\DVD Region+CSS Free
2009-10-25 13:39 . 2009-10-25 13:39 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-10-25 13:39 . 2009-10-25 13:39 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-10-25 13:39 . 2009-10-25 13:39 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-10-25 13:39 . 2009-10-25 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2009-10-25 13:35 . 2009-10-25 13:35 -------- d-----w- c:\program files\Alcohol Soft
2009-10-25 12:25 . 2008-08-14 06:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2009-10-25 12:24 . 2009-10-25 09:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-25 12:21 . 2009-10-25 09:21 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-10-25 11:37 . 2009-10-25 11:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-25 11:36 . 2009-10-25 11:36 -------- d--h--w- c:\program files\CanonBJ
2009-10-25 10:52 . 2009-10-25 09:56 -------- d-----w- c:\program files\Microsoft Works
2009-10-25 10:06 . 2009-10-25 10:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-25 10:06 . 2009-10-25 10:06 -------- d-----w- c:\documents and settings\boris\Application Data\skypePM
2009-10-25 10:06 . 2009-10-25 10:05 -------- d-----r- c:\program files\Skype
2009-10-25 10:05 . 2009-10-25 10:05 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-10-25 10:05 . 2009-10-25 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-25 09:58 . 2009-10-25 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-25 09:55 . 2009-10-25 09:55 -------- d-----w- c:\program files\Microsoft.NET
2009-10-25 09:48 . 2009-10-25 09:48 -------- d-----w- c:\program files\Microsoft
2009-10-25 09:48 . 2009-10-25 09:46 -------- d-----w- c:\program files\Windows Live
2009-10-25 09:47 . 2009-10-25 09:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-25 09:46 . 2009-10-25 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-10-25 09:39 . 2009-10-25 09:39 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-10-25 09:30 . 2009-10-25 09:30 -------- d-----w- c:\program files\Adobe Media Player
2009-10-25 09:28 . 2009-10-25 09:28 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2009-10-25 09:23 . 2009-10-25 09:23 -------- d-----w- c:\program files\Fichiers communs\Macrovision Shared
2009-10-25 09:19 . 2009-10-25 09:19 -------- d-----w- c:\program files\VideoLAN
2009-10-24 21:27 . 2009-10-24 21:27 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-24 21:18 . 2009-10-24 21:18 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-10-24 21:18 . 2009-10-24 21:18 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-10-24 21:17 . 2009-10-24 21:17 -------- d-----w- c:\documents and settings\boris\Application Data\TuneUp Software
2009-10-24 21:17 . 2009-10-24 21:17 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-10-24 21:03 . 2009-10-24 21:03 128 ----a-w- c:\documents and settings\boris\Local Settings\Application Data\fusioncache.dat
2009-10-24 20:59 . 2009-10-24 20:58 -------- d-----w- c:\program files\CleanUp!
2009-10-24 20:44 . 2009-10-24 20:34 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-24 20:39 . 2009-10-24 20:39 -------- d-----w- c:\program files\MSBuild
2009-10-24 20:39 . 2009-10-24 20:39 -------- d-----w- c:\program files\Reference Assemblies
2009-10-24 20:34 . 2009-10-24 20:34 -------- d-----w- c:\documents and settings\boris\Application Data\Windows Desktop Search
2009-10-24 20:34 . 2009-10-24 20:34 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-24 20:14 . 2009-10-24 20:14 -------- d-----w- c:\program files\Alwil Software
2009-10-24 20:11 . 2009-10-24 20:11 0 ----a-w- c:\windows\nsreg.dat
2009-10-24 19:59 . 2009-10-24 19:59 -------- d-----w- c:\program files\Downloaded Installations
2009-10-24 19:51 . 2009-10-24 19:51 -------- d-----w- c:\program files\ASUS
2009-10-24 19:50 . 2009-10-24 19:50 -------- d-----w- c:\program files\Intel
2009-10-24 19:49 . 2009-10-24 19:49 -------- d-----w- c:\program files\Realtek
2009-10-24 19:49 . 2009-10-24 19:49 319488 ----a-w- c:\windows\HideWin.exe
2009-10-24 19:48 . 2009-10-24 19:48 -------- d-----w- c:\program files\Marvell
2009-10-24 19:41 . 2009-10-24 19:41 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-24 19:41 . 2009-10-24 19:40 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-10-24 19:39 . 2009-10-24 19:39 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros
2009-10-24 18:52 . 2009-10-24 18:52 -------- d-----w- c:\program files\microsoft frontpage
2009-10-24 18:51 . 2009-10-24 18:51 -------- d-----w- c:\program files\Services en ligne
2009-10-24 18:50 . 2009-10-24 18:50 21892 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-08 13:57 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2008-04-14 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-25 05:36 . 2009-09-25 05:36 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-15 10:56 . 2009-10-24 20:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-10-24 20:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-10-24 20:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"OpAgent"="c:\program files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" -r
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe_ID0ENQBO"=c:\progra~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"ScanSoft OmniPage 15.0-reminder"="c:\program files\ScanSoft\OmniPage15.0\Ereg\ereg.exe" -r "c:\documents and settings\All Users\Application Data\ScanSoft\OmniPage15.0\Ereg\ereg.ini"
"Opware15"="c:\program files\ScanSoft\OmniPage15.0\Opware15.exe"
"PDF3 Registry Controller"="c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [22/07/2008 09:01 151592]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/10/2009 21:14 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/10/2009 21:14 20560]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/11/2009 10:15 1021256]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [26/10/2009 17:14 57344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/10/2009 22:27 721904]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 05:46 288112]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe [26/10/2009 17:14 356434]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Examen supplémentaire -------
.
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Open with Scansoft PDF Converter 3.0 - c:\program files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
FF - ProfilePath - c:\documents and settings\boris\Application Data\Mozilla\Firefox\Profiles\vr8ac8vf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 08:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:dd,d8,b5,1f,5b,76,2e,de,8b,ab,3c,cb,01,7b,79,ad,3a,39,0f,59,cb,
d6,0a,a2,a0,83,8d,b7,51,aa,16,3d,d5,1a,81,bc,32,7d,d1,77,b9,85,c5,ce,e9,8e,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:dd,d8,b5,1f,5b,76,2e,de,8b,ab,3c,cb,01,7b,79,ad,3a,39,0f,59,cb,
d6,0a,a2,a0,83,8d,b7,51,aa,16,3d,d5,1a,81,bc,32,7d,d1,77,b9,85,c5,ce,e9,8e,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\WlanGINA\Version\1.0.4.0\WlanGINA.dll
.
Heure de fin: 2009-12-08 08:58
ComboFix-quarantined-files.txt 2009-12-08 07:58

Avant-CF: 135 563 567 104 octets libres
Après-CF: 135 534 923 776 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /TUTag=1I1OV1 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=1I1OV1-BAK

- - End Of File - - 117C6E7194253BC1178C97C6A2D1B935

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 08 December 2009 - 02:49 PM

Hi,

How is it running right now?

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile. Also please do this:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 08 December 2009 - 04:31 PM

Hello Tom,

The computer seems to run OK, I reinstalled all the software I noticed had been impacted.

Please note tha

#8 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 08 December 2009 - 04:34 PM

Hello Tom,

The computer seems to run OK, I reinstalled all the software I noticed had been impacted.

Please note that I won't be able to access my computer for the coming three days, sorry about that.

Below are the requested logs. As I told you, I think I killed all the trojans during the ten or so scans with Avast and Malwarebytes.

Thank you for everything

Malwarebytes' Anti-Malware 1.42
Database version: 3323
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08/12/2009 22:29:54
mbam-log-2009-12-08 (22-29-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 219542
Time elapsed: 22 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


info.txt logfile of random's system information tool 1.06 2009-12-08 21:14:49

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x040c -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX310 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DVD Region+CSS Free 5.9.8.3-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
DWA-547-->C:\Program Files\InstallShield Installation Information\{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}\setup.exe -runfromtemp -l0x0009 -removeonly
EPU-6 Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56B83336-FBC1-4C46-8613-90A9E3B440D6}\setup.exe" -l0x40c
Express Gate-->MsiExec.exe /I{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}
Extension Renamer-->MsiExec.exe /I{57512081-5660-4A8F-9ACD-1574CE11F7BA}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Norton PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
ScanSoft OmniPage 15.0-->MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}
ScanSoft PDF Converter 3.0-->MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}
ScanSoft PDF Create 3.0-->MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.2.4 beta-->"C:\Program Files\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091208-1]

======System event log======

Computer Name: PHOTOSHOP
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 1749
Source Name: EventLog
Time Written: 20091113120257.000000+060
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 19
Message: Installation réussie : Windows a installé la mise à jour suivante : Mises à jour automatiques

Record Number: 1748
Source Name: Windows Update Agent
Time Written: 20091113030253.000000+060
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 7036
Message: Le service Mises à jour automatiques est entré dans l'état : en cours d'exécution.

Record Number: 1747
Source Name: Service Control Manager
Time Written: 20091113030248.000000+060
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 1746
Source Name: Service Control Manager
Time Written: 20091112225104.000000+060
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 1745
Source Name: Service Control Manager
Time Written: 20091112225104.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service ContentIndex (ContentIndex) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091024205003.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091024205001.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091024201734.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091024201710.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091024201710.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by boris at 2009-12-08 21:14:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 129 GB (86%) free of 150 GB
Total RAM: 3327 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:48, on 08/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\boris\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\boris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256463408859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7257 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

======List of files/folders created in the last 1 months======

2009-12-08 21:14:34 ----D---- C:\rsit
2009-12-08 09:04:12 ----SHD---- C:\RECYCLER
2009-12-08 08:54:03 ----A---- C:\Boot.bak
2009-12-08 08:54:01 ----RASHD---- C:\cmdcons
2009-12-08 08:49:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-08 08:49:26 ----A---- C:\WINDOWS\MBR.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\zip.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\SWSC.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\SWREG.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\sed.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\PEV.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\grep.exe
2009-12-08 08:49:21 ----D---- C:\WINDOWS\ERDNT
2009-12-08 08:47:45 ----D---- C:\Qoobox
2009-12-06 14:27:09 ----A---- C:\WINDOWS\system32\TUKernel.exe
2009-12-06 13:05:17 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2009-12-06 13:04:59 ----D---- C:\Program Files\TuneUp Utilities 2010
2009-12-06 13:04:46 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-06 12:53:15 ----D---- C:\Program Files\ProcessExplorer
2009-12-06 09:27:52 ----D---- C:\Documents and Settings\boris\Application Data\Malwarebytes
2009-12-06 09:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-06 09:27:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 21:06:41 ----D---- C:\Program Files\Trend Micro
2009-12-02 00:13:39 ----D---- C:\Program Files\COMPACT
2009-11-12 09:03:04 ----D---- C:\Program Files\MSXML 4.0
2009-11-12 09:03:00 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-11 10:40:48 ----D---- C:\Documents and Settings\boris\Application Data\Canon
2009-11-11 10:39:49 ----D---- C:\Program Files\Canon
2009-11-11 10:20:19 ----D---- C:\WINDOWS\system32\DocucomRes6
2009-11-11 10:20:19 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2009-11-11 10:19:46 ----A---- C:\WINDOWS\MAXLINK.INI
2009-11-11 10:19:45 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-11-11 10:19:43 ----D---- C:\Documents and Settings\boris\Application Data\ScanSoft
2009-11-11 10:19:41 ----D---- C:\Program Files\Fichiers communs\ScanSoft Shared
2009-11-11 10:19:38 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-11-11 10:19:15 ----D---- C:\Program Files\ScanSoft
2009-11-10 23:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

======List of files/folders modified in the last 1 months======

2009-12-08 21:02:13 ----D---- C:\WINDOWS\Temp
2009-12-08 20:59:49 ----D---- C:\Program Files\Mozilla Firefox
2009-12-08 20:59:42 ----D---- C:\WINDOWS
2009-12-08 20:59:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-08 09:21:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-08 09:00:06 ----D---- C:\WINDOWS\system32
2009-12-08 09:00:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-08 08:57:30 ----A---- C:\WINDOWS\system.ini
2009-12-08 08:55:43 ----D---- C:\WINDOWS\system32\drivers
2009-12-08 08:55:43 ----D---- C:\WINDOWS\AppPatch
2009-12-08 08:55:41 ----D---- C:\Program Files\Fichiers communs
2009-12-08 08:54:03 ----RASH---- C:\boot.ini
2009-12-08 08:47:34 ----D---- C:\WINDOWS\Prefetch
2009-12-06 16:55:26 ----HD---- C:\WINDOWS\inf
2009-12-06 14:36:07 ----D---- C:\Program Files\WinSCP
2009-12-06 14:07:50 ----D---- C:\Documents and Settings\boris\Application Data\Skype
2009-12-06 14:07:00 ----D---- C:\Documents and Settings\boris\Application Data\vlc
2009-12-06 13:05:21 ----SHD---- C:\WINDOWS\Installer
2009-12-06 13:05:20 ----SD---- C:\WINDOWS\Tasks
2009-12-06 13:04:59 ----D---- C:\Program Files
2009-12-06 13:04:51 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-12-06 12:47:06 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-12-06 09:52:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-06 09:51:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-06 09:26:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-06 09:26:50 ----D---- C:\Program Files\SpywareBlaster
2009-12-02 13:08:39 ----D---- C:\WINDOWS\Media
2009-12-02 13:08:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-02 13:08:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-02 00:13:56 ----SD---- C:\Documents and Settings\boris\Application Data\Microsoft
2009-11-28 23:09:19 ----D---- C:\Documents and Settings\boris\Application Data\Adobe
2009-11-26 20:50:08 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 20:49:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-26 20:49:54 ----D---- C:\WINDOWS\WinSxS
2009-11-25 00:54:29 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-11-17 10:12:10 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-11-13 03:04:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-13 03:02:45 ----D---- C:\WINDOWS\Help
2009-11-11 10:19:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-11 10:19:40 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-11-10 23:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-09 13:29:25 ----D---- C:\Documents and Settings\boris\Application Data\FileZilla
2009-11-09 10:27:53 ----D---- C:\Program Files\FileZilla FTP Client
2009-11-09 10:21:01 ----D---- C:\temp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2009-10-25 73312]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 AR5416;%ATHER.Service.DispName%; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-13 57408]
S3 a18pco2w;a18pco2w; C:\WINDOWS\system32\drivers\a18pco2w.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athr.sys [2008-02-20 765440]
S3 catchme;catchme; \??\C:\DOCUME~1\boris\LOCALS~1\Temp\catchme.sys []
S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe [2007-12-13 467028]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-10-24 604416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-10-25 288112]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-25 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe [2008-04-16 356434]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-06 435016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 10 December 2009 - 02:32 PM

Ok, let's run an onlinescan to check for some leftovers :(.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#10 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 12 December 2009 - 07:02 AM

Hello Tom,

Please find below the ESET log.

Cheers

ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=72a35666574d0e48bf440ed76332f8fa
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-12 11:05:05
# local_time=2009-12-12 12:05:05 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 573978 573978 0 0
# compatibility_mode=769 16775125 100 98 17276 196895133 10419 0
# compatibility_mode=8192 67108863 100 0 15838 15838 0 0
# scanned=110317
# found=0
# cleaned=0
# scan_time=1928

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 12 December 2009 - 09:19 AM

Hi,

Please post back with a fresh RSIT logfile so we can cleanup our work :(.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 13 December 2009 - 05:11 AM

Hello Tom,

Here they come.

Once again, thank you

Logfile of random's system information tool 1.06 (written by random/random)
Run by boris at 2009-12-13 11:09:14
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 129 GB (86%) free of 150 GB
Total RAM: 3327 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:26, on 13/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TuneUp Utilities 2010\Integrator.exe
C:\Program Files\TuneUp Utilities 2010\RegistryCleaner.exe
C:\Documents and Settings\boris\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\boris.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256463408859
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7308 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Automatic troubleshooting.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7064b86-c210-11de-8bf0-0024012e9154}]
shell\AutoRun\command - F:\wubi.exe --cdmenu


======List of files/folders created in the last 1 months======

2009-12-13 11:09:14 ----D---- C:\rsit
2009-12-08 21:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 09:04:12 ----SHD---- C:\RECYCLER
2009-12-08 08:54:03 ----A---- C:\Boot.bak
2009-12-08 08:54:01 ----RASHD---- C:\cmdcons
2009-12-08 08:49:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-08 08:49:26 ----A---- C:\WINDOWS\MBR.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\zip.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\SWSC.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\SWREG.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\sed.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\PEV.exe
2009-12-08 08:49:25 ----A---- C:\WINDOWS\grep.exe
2009-12-08 08:49:21 ----D---- C:\WINDOWS\ERDNT
2009-12-08 08:47:45 ----D---- C:\Qoobox
2009-12-06 14:27:09 ----A---- C:\WINDOWS\system32\TUKernel.exe
2009-12-06 13:05:17 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2009-12-06 13:04:59 ----D---- C:\Program Files\TuneUp Utilities 2010
2009-12-06 13:04:46 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-06 12:53:15 ----D---- C:\Program Files\ProcessExplorer
2009-12-06 09:27:52 ----D---- C:\Documents and Settings\boris\Application Data\Malwarebytes
2009-12-06 09:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-06 09:27:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-05 21:06:41 ----D---- C:\Program Files\Trend Micro
2009-12-02 00:13:39 ----D---- C:\Program Files\COMPACT

======List of files/folders modified in the last 1 months======

2009-12-13 11:09:22 ----D---- C:\WINDOWS\Prefetch
2009-12-13 11:09:16 ----D---- C:\WINDOWS\Temp
2009-12-13 11:06:27 ----D---- C:\Program Files\Mozilla Firefox
2009-12-13 11:06:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-13 10:25:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-12 19:21:48 ----SHD---- C:\WINDOWS\Installer
2009-12-12 19:21:46 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-12 19:21:44 ----D---- C:\WINDOWS
2009-12-12 19:21:39 ----D---- C:\Documents and Settings
2009-12-12 13:03:13 ----D---- C:\Program Files
2009-12-12 10:07:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-12 10:07:06 ----D---- C:\Program Files\SpywareBlaster
2009-12-12 09:44:41 ----D---- C:\Documents and Settings\boris\Application Data\vlc
2009-12-08 22:44:18 ----D---- C:\WINDOWS\system32
2009-12-08 22:44:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-08 22:43:01 ----D---- C:\WINDOWS\AppPatch
2009-12-08 22:43:01 ----D---- C:\Program Files\Internet Explorer
2009-12-08 21:35:55 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-08 21:34:04 ----HD---- C:\WINDOWS\inf
2009-12-08 21:33:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-08 21:33:58 ----A---- C:\WINDOWS\imsins.BAK
2009-12-08 21:33:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-08 21:33:41 ----D---- C:\WINDOWS\system32\drivers
2009-12-08 21:33:22 ----D---- C:\WINDOWS\ie8updates
2009-12-08 08:57:30 ----A---- C:\WINDOWS\system.ini
2009-12-08 08:55:41 ----D---- C:\Program Files\Fichiers communs
2009-12-08 08:54:03 ----RASH---- C:\boot.ini
2009-12-06 14:36:07 ----D---- C:\Program Files\WinSCP
2009-12-06 14:07:50 ----D---- C:\Documents and Settings\boris\Application Data\Skype
2009-12-06 13:05:20 ----SD---- C:\WINDOWS\Tasks
2009-12-06 13:04:51 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-12-06 12:47:06 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-12-06 09:52:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-06 09:51:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-02 13:08:39 ----D---- C:\WINDOWS\Media
2009-12-02 13:08:29 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-02 00:13:56 ----SD---- C:\Documents and Settings\boris\Application Data\Microsoft
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-28 23:09:19 ----D---- C:\Documents and Settings\boris\Application Data\Adobe
2009-11-26 20:49:54 ----D---- C:\WINDOWS\WinSxS
2009-11-25 00:54:29 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-11-17 10:12:10 ----A---- C:\WINDOWS\system32\uxtuneup.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2009-10-25 73312]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 AR5416;%ATHER.Service.DispName%; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-01-17 1331136]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-03 4745216]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-08-28 57344]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-13 57408]
S3 acwunpxg;acwunpxg; C:\WINDOWS\system32\drivers\acwunpxg.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athr.sys [2008-02-20 765440]
S3 catchme;catchme; \??\C:\DOCUME~1\boris\LOCALS~1\Temp\catchme.sys []
S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\acs.exe [2007-12-13 467028]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-10-24 604416]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-10-25 288112]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-25 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\D-Link DWA-547 Wireless N Desktop Adapter\jswpsapi.exe [2008-04-16 356434]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-06 435016]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-12-13 11:09:28

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x040c -removeonly
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MX310 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DVD Region+CSS Free 5.9.8.3-->"C:\Program Files\DVD Region+CSS Free\unins000.exe"
DWA-547-->C:\Program Files\InstallShield Installation Information\{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}\setup.exe -runfromtemp -l0x0009 -removeonly
EPU-6 Engine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56B83336-FBC1-4C46-8613-90A9E3B440D6}\setup.exe" -l0x40c
Express Gate-->MsiExec.exe /I{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}
Extension Renamer-->MsiExec.exe /I{57512081-5660-4A8F-9ACD-1574CE11F7BA}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Norton PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
ScanSoft OmniPage 15.0-->MsiExec.exe /I{0B7DDCD3-D6D8-4366-A6D8-9B6495A2925E}
ScanSoft PDF Converter 3.0-->MsiExec.exe /I{602A205F-8D02-48EE-8782-262B2103B984}
ScanSoft PDF Create 3.0-->MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.2.4 beta-->"C:\Program Files\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 091212-1]

======System event log======

Computer Name: PHOTOSHOP
Event Code: 3
Message: L'imprimante Canon MX310 series Printer (Copie 1) a été supprimée.

Record Number: 1962
Source Name: Print
Time Written: 20091115182603.000000+060
Event Type: Avertissement
User: PHOTOSHOP\boris

Computer Name: PHOTOSHOP
Event Code: 4
Message: L'imprimante Canon MX310 series Printer (Copie 1) est en attente de suppression.

Record Number: 1961
Source Name: Print
Time Written: 20091115182600.000000+060
Event Type: Avertissement
User: PHOTOSHOP\boris

Computer Name: PHOTOSHOP
Event Code: 7036
Message: Le service FLEXnet Licensing Service est entré dans l'état : en cours d'exécution.

Record Number: 1960
Source Name: Service Control Manager
Time Written: 20091115182541.000000+060
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service FLEXnet Licensing Service.

Record Number: 1959
Source Name: Service Control Manager
Time Written: 20091115182541.000000+060
Event Type: Informations
User: PHOTOSHOP\boris

Computer Name: PHOTOSHOP
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 1958
Source Name: Service Control Manager
Time Written: 20091115182113.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service ContentIndex (ContentIndex) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20091024205003.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20091024205001.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20091024201734.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20091024201710.000000+120
Event Type: Informations
User:

Computer Name: PHOTOSHOP
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20091024201710.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 13 December 2009 - 11:10 AM

Hi,


Step 1

Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.




Step 2
  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.






Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean :(


Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.



Follow this list and your potential for being infected again will reduce dramatically.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 NiceRabbit

NiceRabbit
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:11:39 AM

Posted 13 December 2009 - 12:57 PM

Hello Tom,

Thank you once again for everything.

I have donated.

Keep up the good work :(

Cheers

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:39 AM

Posted 14 December 2009 - 01:25 PM

You're welcome :(

And Thank You!


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users