Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Rootkit-gen[rtk]


  • This topic is locked This topic is locked
20 replies to this topic

#1 mandarina

mandarina

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 16 January 2010 - 06:21 AM

Hi everyone,

I received a alert from Avast telling me that a Rootkit-gen has been found in C:\\WINDOWS\System32\Drivers\nwirxasc.sys, which field I couldn't delete.
Malwarebytes' Anti-Malware has confirmed the informations, and couldn't as well delete the field.
As advised by Orange Blossom, I've been following the instructions and hope I've managed to post it in the right section with the right informations this time !! thumbup2.gif


DDS (Ver_09-12-01.01) - NTFSx86
Run by hp at 11:46:41,26 on 16/01/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.77 [GMT 1:00]

AV: avast! antivirus 4.8.1368 [VPS 100115-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\hp\Mes documents\Téléchargements\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\fichiers communs\sonic\update manager\sgtray.exe" /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [WService] WService.EXE
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\hp\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\hp\menudm~1\progra~1\dmarra~1\outild~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://centraus2.englishtown.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp\applic~1\mozilla\firefox\profiles\kxhltqmp.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-7 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-11-22 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-11-22 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-11-22 352920]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-12 07:04:55 445672 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-12 07:04:54 64052 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-29 05:25:37 671232 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 12:20:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 05:39:43 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39:43 25088 ----a-w- c:\windows\system32\httpapi.dll
2007-11-22 08:33:22 278528 ----a-w- c:\program files\fichiers communs\FDEUnInstaller.exe

============= FINISH: 11:47:38,01 ===============

Thank you for your time !! thumbup.gif

Attached Files


Edited by mandarina, 16 January 2010 - 08:35 AM.


BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 22 January 2010 - 04:31 PM

Hello, mandarina.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 22 January 2010 - 07:22 PM

Hi aommaster, nice to meet you.

I've done the procedure you asked me to, and here are the two fields, as follow ;

Logfile of random's system information tool 1.06 (written by random/random)
Run by hp at 2010-01-23 01:17:36
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 26 GB (34%) free of 76 GB
Total RAM: 511 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:10, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hp\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\hp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://centraus2.englishtown.com/SiteRoots...raUpdaterAx.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 7412 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-24 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-10-08 159744]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-09-04 88363]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-04-08 4730880]
"nwiz"=nwiz.exe /install []
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2004-03-01 200766]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-08-19 290816]
"UpdateManager"=C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-24 149280]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"WService"=C:\WINDOWS\system32\WService.EXE [2002-09-07 28672]
"Lexmark X6100 Series"=C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe [2003-09-23 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-01-30 3497984]
""= []
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Outil de détection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live FolderShare"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0580dca5-5436-11dd-a2b7-000fb04970ca}]
shell\AutoRun\command - t.exe
shell\explore\command - t.exe
shell\open\command - t.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ccce128-9454-11dc-81d0-806d6172696f}]
shell\play\command - C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68cf7b2e-4f9a-11dd-a2b6-000fb04970ca}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2010-01-23 01:17:36 ----D---- C:\rsit
2010-01-22 05:38:22 ----D---- C:\WINDOWS\LastGood
2010-01-16 12:04:34 ----A---- C:\RootRepeal report 01-16-10 (12-04-34).txt
2010-01-15 23:53:48 ----D---- C:\Program Files\iPod
2010-01-15 23:49:42 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-15 23:49:41 ----D---- C:\Program Files\iTunes
2010-01-15 22:55:56 ----D---- C:\Program Files\QuickTime
2010-01-15 21:30:10 ----D---- C:\Documents and Settings\hp\Application Data\Malwarebytes
2010-01-15 21:29:33 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-15 21:29:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-15 21:08:27 ----D---- C:\Program Files\Bonjour
2010-01-15 21:07:27 ----SHD---- C:\Config.Msi
2010-01-15 17:15:08 ----D---- C:\WINDOWS\pss
2010-01-15 14:01:19 ----D---- C:\Program Files\Trend Micro
2010-01-14 19:35:10 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-14 08:01:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 07:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-14 03:04:51 ----A---- C:\WINDOWS\system32\MRT.INI
2009-12-09 18:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 18:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 18:55:52 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-09 18:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 18:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 18:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-11-28 16:43:30 ----D---- C:\Documents and Settings\hp\Application Data\MuldeR
2009-11-28 16:24:50 ----D---- C:\Program Files\Audacity
2009-11-25 14:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 14:05:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-18 08:08:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-11-16 18:36:46 ----D---- C:\Program Files\Microsoft
2009-11-16 18:35:52 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-16 18:28:53 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-11-11 21:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-04 07:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-10-24 13:20:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-24 13:20:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-24 13:20:53 ----A---- C:\WINDOWS\system32\java.exe
2009-10-24 13:20:53 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 3 months======

2010-01-23 01:16:15 ----D---- C:\WINDOWS\Prefetch
2010-01-22 22:39:42 ----D---- C:\WINDOWS\Temp
2010-01-22 22:24:03 ----D---- C:\Documents and Settings\hp\Application Data\dvdcss
2010-01-22 05:39:03 ----HD---- C:\WINDOWS\inf
2010-01-22 05:38:25 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 05:38:22 ----D---- C:\WINDOWS
2010-01-22 05:38:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-21 18:22:30 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 18:20:30 ----D---- C:\Documents and Settings\hp\Application Data\OpenOffice.org2
2010-01-21 17:26:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-17 11:23:08 ----D---- C:\Documents and Settings\hp\Application Data\Apple Computer
2010-01-16 11:51:18 ----D---- C:\WINDOWS\system32\drivers
2010-01-16 11:27:12 ----RSD---- C:\WINDOWS\assembly
2010-01-16 01:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-01-16 00:22:01 ----SHD---- C:\WINDOWS\Installer
2010-01-16 00:08:13 ----D---- C:\WINDOWS\system32
2010-01-16 00:07:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-15 23:53:48 ----RD---- C:\Program Files
2010-01-15 23:52:52 ----D---- C:\Program Files\Fichiers communs\Apple
2010-01-15 22:19:08 ----D---- C:\WINDOWS\WinSxS
2010-01-14 20:27:08 ----A---- C:\WINDOWS\lexstat.ini
2010-01-14 20:20:16 ----D---- C:\Documents and Settings\hp\Application Data\AdobeUM
2010-01-14 08:50:16 ----D---- C:\WINDOWS\AppPatch
2010-01-14 08:01:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-14 08:00:16 ----A---- C:\WINDOWS\imsins.BAK
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-01 21:35:43 ----D---- C:\Program Files\eMule
2009-12-29 19:16:40 ----D---- C:\Documents and Settings\hp\Application Data\.purple
2009-12-05 23:08:22 ----D---- C:\Documents and Settings\hp\Application Data\gtk-2.0
2009-11-25 00:54:29 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-11-16 18:44:43 ----D---- C:\Program Files\Windows Live
2009-11-16 18:42:38 ----D---- C:\WINDOWS\system32\DirectX
2009-11-16 18:35:05 ----RSD---- C:\WINDOWS\Fonts
2009-11-16 18:28:53 ----D---- C:\Program Files\Fichiers communs
2009-11-16 18:28:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-16 18:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2009-11-13 07:56:14 ----D---- C:\WINDOWS\Help
2009-11-12 08:04:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-29 19:55:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 06:25:37 ----A---- C:\WINDOWS\system32\wininet.dll
2009-10-29 06:25:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 06:25:37 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-10-28 16:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-24 13:19:57 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AmdK8;Pilote de processeur AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-02-02 100384]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-09-04 1268204]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-10-08 94601]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 BCM43XX;Pilote pour carte réseau BCM 802.11b; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-08-05 341760]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-04-08 1382634]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-02-19 42092]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-06-28 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-06-28 8320]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 Tablet2k;Serial Tablet Port Driver; C:\WINDOWS\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
S3 TClass2k;Tablet Class Driver; C:\WINDOWS\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 UCTblHid;HID Tablet Port Driver; C:\WINDOWS\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
S3 USB_RNDIS;Point d'acces Inventel; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-24 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-09-23 303104]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2004-04-08 73728]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WinTabService;WinTab Service; C:\WINDOWS\system32\DRIVERS\WtSrv.exe [2003-09-30 40960]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-07-27 98304]

-----------------EOF-----------------


====


info.txt logfile of random's system information tool 1.06 2010-01-23 01:18:21

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x40c -removeonly
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x40c -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Agere Systems AC'97 Modem-->agrsmdel
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 802.11 Driver-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Centra Client-->C:\PROGRA~1\Centra\Client\bin\updater.exe -uninstall
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GTK+ Runtime 2.12.1 rev a (remove only)-->C:\Program Files\Fichiers communs\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LameXP-->"C:\Program Files\LameXP\Uninstall.exe"
Lexmark X6100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBFUN5C.EXE -dLexmark X6100 Series
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst
NVIDIA nForce Drivers-->C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU001.nvu,NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvcp.inf
OpenOffice.org 2.3-->MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1036
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Print to Fax-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x40c ControlPanel
Quick Launch Buttons 5.00 C1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x40c -uninst
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x40c REMOVE
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x40c /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1368 [VPS 100122-0]

======System event log======

Computer Name: HP-971372507FD3
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 5733
Source Name: EventLog
Time Written: 20091024201252.000000+120
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

Record Number: 5732
Source Name: Tcpip
Time Written: 20091024170949.000000+120
Event Type: Avertissement
User:

Computer Name: HP-971372507FD3
Event Code: 7036
Message: Le service Windows Installer est entré dans l'état : arrêté.

Record Number: 5731
Source Name: Service Control Manager
Time Written: 20091024143133.000000+120
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.

Record Number: 5730
Source Name: Service Control Manager
Time Written: 20091024142151.000000+120
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

Record Number: 5729
Source Name: Service Control Manager
Time Written: 20091024142151.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: HP-971372507FD3
Event Code: 0
Message:
Record Number: 1693
Source Name: iPod Service
Time Written: 20081117135557.000000+060
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 1000
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 1692
Source Name: LoadPerf
Time Written: 20081117081255.000000+060
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 1001
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.
Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système
et les dernières entrées du registre d'aide.

Record Number: 1691
Source Name: LoadPerf
Time Written: 20081117081254.000000+060
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1690
Source Name: SecurityCenter
Time Written: 20081117080849.000000+060
Event Type: Informations
User:

Computer Name: HP-971372507FD3
Event Code: 101
Message: MsnMsgr (2096) Le moteur de base de données est arrêté.

Record Number: 1689
Source Name: ESENT
Time Written: 20081112075032.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=040a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   21.67KB   4 downloads
  • Attached File  log.txt   24.5KB   3 downloads

Edited by extremeboy, 22 January 2010 - 07:42 PM.
Edit Logs in


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 22 January 2010 - 07:54 PM

Hello, mandarina.
Pleasure to meet you too smile.gif

Just wanted to bring Extremeboy's edit to your post to your attention. Please copy and paste logs into your reply rather than attaching them, as it makes it for me to read smile.gif
Let's begin!


P2P Program Warning!

Emule

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall the programs listed above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




We need to update your antivirus program

Your antivirus program, in your case Avast 4.0, is out of date.

New infections come out at a very high rate. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Please update your antivirus program now. Once complete, run a full system scan, and if any infections are found, post the log.

NEXT:

We need to run Flash Disinfector
  1. Download Flash_Disinfector and save it to your desktop.
  2. Double-click on Flash_Disinfector.exe to run it and follow the prompts.
  3. Wait until it has finished scanning and then exit the program.
  4. The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone, mp3 player, and so on,
  5. Please do so and allow the utility to clean up those drives as well.

NEXT:

We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Leaving the settings at default, click Scan.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Antivirus log (only if infections are found)
  • gmer.txt

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 23 January 2010 - 09:03 AM

- Ok, I've removed eMule from my computer.


- About my antivirus, I'm surprised to hear that my version is outdate, because the updates are automatically done, and when I updated manually the programm and the viral basis, they told me that it has been already done. And the version I have is normally 4.8.1368, when I checked on "about Avast..."
The scan hasn't find any sign of infection.
Is there anything else I should do about it ?


- About GMER, I didn't receive the warning about a possible rootkit, and here is the log :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-23 14:53:51
Windows 5.1.2600 Service Pack 3
Running: 4yk5f1y5.exe; Driver: C:\DOCUME~1\hp\LOCALS~1\Temp\pwlyafow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5A326B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5A32574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5A32A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5A3214C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5A3264E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5A3208C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5A320F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5A3276E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5A3272E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5A328AE]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF8A85E00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF89C7F00]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7B56340, 0x106FDF, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6300, 0x238E10, 0xF8000020]
? System32\Drivers\hiber_WMILIB.SYS Le chemin d'accès spécifié est introuvable. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[752] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----



#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 23 January 2010 - 12:04 PM

Hello, mandarina.
QUOTE
About my antivirus, I'm surprised to hear that my version is outdate, because the updates are automatically done, and when I updated manually the programm and the viral basis, they told me that it has been already done. And the version I have is normally 4.8.1368, when I checked on "about Avast..."
The scan hasn't find any sign of infection.
Is there anything else I should do about it ?

According to the main website, Avast's latest version is version 5 (I think this update is a brand-new update). You should go there and update to this version once we're done with the fix.




Please answer the following questions

Are you still getting the Avast warnings you mentioned in your first post?
QUOTE
I received a alert from Avast telling me that a Rootkit-gen has been found in C:\\WINDOWS\System32\Drivers\nwirxasc.sys, which field I couldn't delete.


If you are still getting these warnings:
We need to run RootRepeal
  1. Download RootRepeal
  2. Extract RootRepeal.exe from the zip archive.
  3. Open RootRepeal on your desktop.
  4. Click the Report tab.
  5. Click the Scan button.
  6. Check all six boxes present (Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services)
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


In your next reply, please include the following:
  • Answers to my questions above
  • RootRepeal Log (If you still get those warnings)

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 23 January 2010 - 01:11 PM

Hi,
no I don't have the warning anymore, even when I analysed only the field C:\\WINDOWS\System32\Drivers\nwirxasc.sys with Avast it doesn't find anything suspicious as it used to. mellow.gif

#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 23 January 2010 - 01:47 PM

Hello, mandarina.
We need to run RootRepeal
  1. Download RootRepeal
  2. Extract RootRepeal.exe from the zip archive.
  3. Open RootRepeal on your desktop.
  4. Click the Report tab.
  5. Click the Scan button.
  6. Check all six boxes present (Drivers, Files, Processes, SSDT, Stealth Objects, Hidden Services)
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


NEXT:

We need to run a Jotti scan

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
  1. Go to the Jotti website
  2. When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

    C:\WINDOWS\System32\Drivers\nwirxasc.sys

  3. Please post back the results of the scan in your next post.
**Note:If Jotti is busy, try the same at Virustotal
**Note: No logs will be produced. You can either copy/paste the results into your reply, or you can state the infection found (if any) and the scanner that found it


In your next reply, please include the following:
  • RootRepeal Log
  • Jotti Log(s)

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#9 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 23 January 2010 - 02:40 PM

I got a error message while the rootrepeal scan, saying : "could not read system registry! Please contact the author!"
and the details : DeviceIoControlError! Error Code = 0xc000009a 20:24:19

Here is the log I got :

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/23 20:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5A01000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8BAB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF8BF7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: pwlyafow.sys
Image Path: C:\DOCUME~1\hp\LOCALS~1\Temp\pwlyafow.sys
Address: 0xEF3E2000 Size: 93056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF07FF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\hp\Application Data\Mozilla\Firefox\Profiles\kxhltqmp.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: c:\documents and settings\hp\application data\mozilla\firefox\profiles\kxhltqmp.default\cookies.sqlite-journal
Status: Size mismatch (API: 10832, Raw: 9800)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a326b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a32574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a32a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a3214c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a3264e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a3208c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a320f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a3276e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a3272e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf5a328ae

==EOF==

On Jotti, they told me that the field was empty (size = 0 bytes) !

#10 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 23 January 2010 - 09:24 PM

Hello, mandarina.
We need to download and run ComboFix (by sUBs)
  1. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  2. Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  3. Double click on ComboFix.exe & follow the prompts.
  4. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  5. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  6. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  7. Click on Yes, to continue scanning for malware.
  8. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#11 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 24 January 2010 - 02:30 AM

Hi,
would you mind just confirming me that, in my case, the programs I've to disable are only Avast and the Windows Firewall I can find in the Panel control ?
Do I have to disable or delete if not needed the program MalwareBytes' Anti-Malware too ?


I'm sorry if that's a stupid question, just want to be sure before starting the ComboFix procedure correctly, thank you smile.gif


#12 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 24 January 2010 - 12:21 PM

Hi!

There's no such thing as a stupid question (maybe stupid answers hysterical.gif).

As for your question:
Your logs indicate that you have Avast installed, so that will have to be disabled. If you have windows firewall running, then, disable that too. You won't need to delete any of them (and I highly recommend against doing so, as it'll open your computer to infection).

MalwareBytes Anti-Malware is an on-demand scanner. So all you'll have to do is close the program down and you'll be fine.

If you have any more questions, please don't hesitate to ask smile.gif

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 24 January 2010 - 12:46 PM

ok, thank you for your patience thumbup2.gif , I just have a last one : when can I re-able this programs ? After the ComboFix scan and before the HijackThis procedure ?

(I guess I'm just imagining my pc with 1000virus turning around waiting for a distraction, with a big sign "YOU LOST !! PC OVER".. but anwyay, having a antivirus didn't prevent me from being infected, did it ? so..whistling.gif )

Edited by mandarina, 24 January 2010 - 12:56 PM.


#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:06:02 PM

Posted 24 January 2010 - 01:15 PM

Hi! smile.gif

Well, once Combofix has run, it will restart your computer and produce a log for you. Once the log has been produced, you can re-enable your programs.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#15 mandarina

mandarina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:02 PM

Posted 24 January 2010 - 02:14 PM

Okay, done, here follow the logs :

ComboFix 10-01-23.06 - hp 24/01/2010 19:45:17.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.139 [GMT 1:00]
Lancé depuis: c:\documents and settings\hp\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100124-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\driVERs\nwirxasc.sys
c:\windows\system32\wservice.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_nwirxasc
-------\Service_nwirxasc


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-24 au 2010-01-24 ))))))))))))))))))))))))))))))))))))
.

2010-01-23 00:17 . 2010-01-23 00:18 -------- d-----w- C:\rsit
2010-01-16 10:51 . 2010-01-16 10:51 0 ----a-w- c:\documents and settings\hp\settings.dat
2010-01-15 22:53 . 2010-01-15 22:53 -------- d-----w- c:\program files\iPod
2010-01-15 22:49 . 2010-01-15 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-15 22:49 . 2010-01-15 23:06 -------- d-----w- c:\program files\iTunes
2010-01-15 21:55 . 2010-01-15 22:07 -------- d-----w- c:\program files\QuickTime
2010-01-15 20:30 . 2010-01-15 20:30 -------- d-----w- c:\documents and settings\hp\Application Data\Malwarebytes
2010-01-15 20:29 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-15 20:29 . 2010-01-15 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-15 20:29 . 2010-01-15 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-15 20:29 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-15 20:08 . 2010-01-15 20:08 -------- d-----w- c:\program files\Bonjour
2010-01-15 13:01 . 2010-01-15 13:01 -------- d-----w- c:\program files\Trend Micro
2010-01-13 11:51 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 19:00 . 2007-11-22 10:06 -------- d-----w- c:\documents and settings\hp\Application Data\OpenOffice.org2
2010-01-24 07:21 . 2007-12-17 14:33 37176 ----a-w- c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-23 16:25 . 2007-11-22 21:49 -------- d-----w- c:\documents and settings\hp\Application Data\dvdcss
2010-01-23 10:15 . 2007-11-23 00:59 -------- d-----w- c:\program files\eMule
2010-01-17 10:23 . 2007-11-16 15:09 -------- d-----w- c:\documents and settings\hp\Application Data\Apple Computer
2010-01-15 22:52 . 2007-11-22 19:30 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-15 20:13 . 2010-01-15 20:13 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-14 19:20 . 2007-12-15 17:53 -------- d-----w- c:\documents and settings\hp\Application Data\AdobeUM
2010-01-14 18:49 . 2007-11-22 10:07 1 ----a-w- c:\documents and settings\hp\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-10 10:26 . 2010-01-10 10:26 79488 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 18:16 . 2007-11-22 09:20 -------- d-----w- c:\documents and settings\hp\Application Data\.purple
2009-12-22 05:09 . 2004-08-05 20:00 671232 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:08 . 2004-08-05 20:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-05 22:08 . 2007-11-22 09:21 -------- d-----w- c:\documents and settings\hp\Application Data\gtk-2.0
2009-11-28 15:43 . 2009-11-28 15:43 -------- d-----w- c:\documents and settings\hp\Application Data\MuldeR
2009-11-28 15:24 . 2009-11-28 15:24 -------- d-----w- c:\program files\Audacity
2009-11-24 23:54 . 2007-11-22 08:49 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-11-22 08:49 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-11-22 08:49 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-07 21:21 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-07 21:21 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2007-11-22 08:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-11-22 08:49 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-11-22 08:49 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-11-22 08:49 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:58 . 2004-08-05 20:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-12 07:04 . 2004-08-05 20:00 445672 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-12 07:04 . 2004-08-05 20:00 64052 ----a-w- c:\windows\system32\perfc00C.dat
2007-11-22 08:33 . 2007-11-22 08:33 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 3497984]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2004-09-04 88363]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-08 4730880]
"nwiz"="nwiz.exe" [2004-04-08 323584]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-24 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\hp\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-22 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25062:TCP"= 25062:TCP:TCP
"25072:UDP"= 25072:UDP:UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/04/2008 22:21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/04/2008 22:21 20560]
.
Contenu du dossier 'Tâches planifiées'

2010-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://centraus2.englishtown.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
FF - ProfilePath - c:\documents and settings\hp\Application Data\Mozilla\Firefox\Profiles\kxhltqmp.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-WService - WService.EXE
AddRemove-{54dcbccb-c905-46dc-b6e6-48563d0e9e55} - c:\program files\LameXP\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 19:57
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?3?6?6??`???? ???B???????????????B? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3892)
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\DRIVERS\WtSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\AGRSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Lexmark X6100 Series\lxbfbmon.exe
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-01-24 20:08:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-24 19:08

Avant-CF: 26 770 862 080 octets libres
Après-CF: 28 701 249 536 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 228B4D3179D61C920BF3EDC2413BC859





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:16, on 24/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://centraus2.englishtown.com/SiteRoots...raUpdaterAx.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 7345 bytes





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users