Win32:Rootkit-gen is stopping avast update - what to do?

Part 3 of log.txt

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ATIModeChange”=C:\WINDOWS\system32\Ati2mdxx.exe [2002-08-15 28672]
“CARPService”=C:\WINDOWS\system32\carpserv.exe [2003-05-21 4608]
“ATIPTA”=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2002-08-14 290816]
“PreloadApp”=c:\hp\drivers\printers\photosmart\hphprld.exe [2001-12-12 36864]
“srmclean”=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
“Display Settings”=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe [2002-08-15 45056]
“QT4HPOT”=C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE [2002-10-14 98304]
“SynTPLpr”=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-09-09 126976]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-09-09 557056]
“Cpqset”=C:\Program Files\HPQ\Default Settings\cpqset.exe [2002-10-23 176197]
“RoxioEngineUtility”=C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
“RoxioDragToDisc”=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-10-21 868352]
“V0250Mon.exe”=C:\WINDOWS\V0250Mon.exe [2006-06-07 32768]
“AVFX Engine”=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-10-09 20480]
“AppleSyncNotifier”=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
“QuickTime Task”=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“MoneyAgent”=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 204800]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“Creative Live! Cam Manager”=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-05-31 143360]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-20 68856]
“H/PC Connection Agent”=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-24 401491]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
ImageFox.lnk - C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\PVSW\Bin\w3dbsmgr.exe"="C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WcesMgr.exe"="C:\Program Files\Microsoft ActiveSync\WcesMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051d70b2-c401-11dc-abeb-00173f864771}]
shell\Auto\command - MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c04252-bb7a-11dc-abce-000bcd883d84}]
shell\Auto\command - Cn911.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{297187e0-20dd-11dc-aa40-00028a7adc95}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5824c410-74ce-11dc-aaf4-000bcd883d84}]
shell\AutoRun\command - RavMon.exe
shell\open\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c34348-7b5e-11dc-ab01-000bcd883d84}]
shell\Auto\command - Cn911.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd67d10-991b-11dd-adb3-00173f864771}]
shell\AutoRun\command - E:\ev60a2.cmd
shell\explore\command - E:\ev60a2.cmd
shell\open\command - E:\ev60a2.cmd

Part 3 of log.txt

======List of files/folders created in the last 2 months======

2008-11-21 19:49:00 ----D---- C:\rsit
2008-11-21 15:37:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-20 22:58:58 ----D---- C:\Program Files\Trend Micro
2008-11-20 18:22:14 ----D---- C:\WINDOWS\Sun
2008-11-20 18:16:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 18:16:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 18:16:34 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-20 18:16:33 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 18:15:56 ----D---- C:\Program Files\Java
2008-11-20 18:11:36 ----D---- C:\Documents and Settings\Pierre\Application Data\Sun
2008-11-20 15:25:35 ----D---- C:\Program Files\Panda Security
2008-11-17 15:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-17 15:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 15:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 15:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-01 21:51:06 ----D---- C:\WINDOWS\Prefetch
2008-11-01 21:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 21:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 21:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 21:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 21:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 21:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 21:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-01 21:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 21:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 21:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-01 21:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 21:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 21:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 21:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-01 21:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 21:13:36 ----D---- C:\WINDOWS\l2schemas
2008-11-01 21:13:35 ----D---- C:\WINDOWS\system32\fr
2008-10-24 21:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-22 11:04:14 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-22 11:04:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-22 11:04:08 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-22 11:04:08 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-22 11:03:55 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-22 11:03:55 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-22 11:03:36 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-22 11:03:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-22 11:03:28 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-22 11:03:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-22 11:03:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-22 11:03:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-22 11:03:24 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-22 11:03:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-22 11:03:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-22 11:03:03 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-22 11:03:03 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-22 11:03:03 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-22 11:03:01 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-22 11:03:00 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-22 11:02:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-22 11:02:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-22 11:02:19 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-22 11:02:18 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-22 11:01:53 ----A---- C:\WINDOWS\005197_.tmp
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-22 11:01:49 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-22 11:01:49 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-22 11:01:49 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-22 11:01:43 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-22 11:01:43 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-22 11:01:43 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-22 11:01:41 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-22 11:01:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-22 11:01:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-22 11:01:35 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-22 11:01:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-22 11:01:25 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-22 11:01:12 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-15 06:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-15 06:36:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 06:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-15 06:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-15 06:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$

Part 4 of log.txt

======List of files/folders modified in the last 2 months======

2008-11-21 19:50:02 ----D---- C:\Documents and Settings\Pierre\Application Data\Skype
2008-11-21 17:55:39 ----D---- C:\WINDOWS\Temp
2008-11-21 17:48:29 ----D---- C:\WINDOWS
2008-11-21 17:48:00 ----D---- C:\Documents and Settings\Pierre\Application Data\skypePM
2008-11-21 17:45:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-21 17:43:41 ----D---- C:\WINDOWS\system32
2008-11-21 15:38:10 ----D---- C:\WINDOWS\system32\drivers
2008-11-21 15:37:32 ----D---- C:\Program Files\Alwil Software
2008-11-21 15:14:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-21 15:13:15 ----RD---- C:\Program Files
2008-11-20 18:38:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-20 18:18:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-20 18:16:49 ----SHD---- C:\WINDOWS\Installer
2008-11-20 18:16:49 ----D---- C:\Config.Msi
2008-11-20 17:30:12 ----A---- C:\WINDOWS\BRWMARK.INI
2008-11-20 17:30:12 ----A---- C:\WINDOWS\BRPP2KA.INI
2008-11-20 15:25:35 ----HD---- C:\WINDOWS\inf
2008-11-19 14:58:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 15:59:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-17 15:56:42 ----A---- C:\WINDOWS\imsins.BAK
2008-11-17 15:56:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-17 08:53:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 08:52:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-11-17 08:52:36 ----D---- C:\Program Files\Adobe
2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 21:52:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-01 21:50:59 ----A---- C:\WINDOWS\setuplog.txt
2008-11-01 21:50:10 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 21:50:10 ----D---- C:\WINDOWS\AppPatch
2008-11-01 21:50:09 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 21:50:07 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 21:49:21 ----D---- C:\WINDOWS\security
2008-11-01 21:25:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 21:20:57 ----D---- C:\Program Files\Messenger
2008-11-01 21:14:33 ----D---- C:\WINDOWS\WinSxS
2008-11-01 21:14:22 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 21:14:18 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 21:14:17 ----D---- C:\WINDOWS\ime
2008-11-01 21:14:16 ----D---- C:\WINDOWS\Help
2008-11-01 21:13:43 ----D---- C:\WINDOWS\system32\fr-fr
2008-11-01 21:13:42 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 21:13:34 ----D---- C:\WINDOWS\system32\bits
2008-11-01 21:13:34 ----D---- C:\WINDOWS\peernet
2008-11-01 21:13:33 ----D---- C:\Program Files\Movie Maker
2008-11-01 21:07:54 ----D---- C:\WINDOWS\system32\Restore
2008-11-01 21:07:54 ----D---- C:\WINDOWS\system32\npp
2008-11-01 21:07:51 ----D---- C:\WINDOWS\msagent
2008-11-01 21:07:48 ----D---- C:\WINDOWS\srchasst
2008-11-01 21:07:47 ----D---- C:\Program Files\NetMeeting
2008-11-01 21:07:44 ----D---- C:\WINDOWS\system32\Com
2008-11-01 21:07:40 ----D---- C:\Program Files\Windows Media Player
2008-11-01 21:07:39 ----D---- C:\Program Files\Windows NT
2008-11-01 21:07:39 ----D---- C:\Program Files\Outlook Express
2008-11-01 21:07:34 ----D---- C:\Program Files\Fichiers communs\System
2008-11-01 21:07:09 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 21:07:05 ----D---- C:\WINDOWS\system
2008-11-01 21:01:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 21:01:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 20:55:44 ----D---- C:\WINDOWS\EHome
2008-10-22 09:54:56 ----D---- C:\WINDOWS\Debug
2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 06:36:22 ----D---- C:\Program Files\Internet Explorer
2008-10-15 06:36:05 ----D---- C:\WINDOWS\ie7updates
2008-10-15 06:35:13 ----A---- C:\WINDOWS\win.ini
2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-02 20:50:22 ----D---- C:\Documents and Settings\Pierre\Application Data\ImageFox

Part 5 of log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-18 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-18 110160]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-18 50864]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-05 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-05 2560]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-10-21 260224]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-10-21 146560]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-10-21 118409]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-10-21 213120]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-18 94032]
R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-05-21 30592]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-17 26112]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-18 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-08-16 471168]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO; C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 291328]
R3 CALIHALA;CALIHALA; C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 244608]
R3 CmBatt;Pilote d’adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.SYS [2002-10-11 14543]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver; C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-29 16512]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPCI;HP Configuration Interface; C:\WINDOWS\System32\DRIVERS\hpci.sys [2002-07-17 14504]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-05-21 1063040]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys [2003-05-21 179712]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-10-21 22777]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-09-10 262608]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 V0250Dev;Live! Cam Notebook Pro; C:\WINDOWS\system32\DRIVERS\V0250Dev.sys [2006-06-27 185504]
R3 V0250Vfx;V0250Vfx; C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys [2006-03-24 6272]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-05-21 631296]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46848]
S3 allegro;Pilote audio ESS Allegro (WDM); C:\WINDOWS\system32\drivers\es198x.sys [2001-08-17 174464]
S3 aswArKrn;aswArKrn; \??\C:\DOCUME~1\Pierre\LOCALS~1\Temp\aswArKrn.sys
S3 atimpab;atimpab; C:\WINDOWS\System32\DRIVERS\atimpab.sys [2001-08-23 289920]
S3 BCM43XX;Pilote pour carte réseau Belkin 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-20 425216]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CE3;Service de la carte Xircom Ethernet 10/100; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-08-23 27164]
S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\System32\DRIVERS\dot4usb.sys [2001-08-23 24064]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-10-21 21993]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver; C:\WINDOWS\System32\DRIVERS\Express.sys [2002-10-17 57344]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 naecd;naecd; \??\C:\DOCUME~1\Pierre\LOCALS~1\Temp\naecd.sys
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-14 5504]

Part 6 and EOF for log.txt

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d’application d’assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ANISERVICE;Airgo Networks NIC Service; C:\WINDOWS\System32\aniServ.exe [2004-09-30 143360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HPConfig;HP Configuration Interface Service; C:\WINDOWS\system32\HPConfig.exe [2002-08-15 151552]
R2 HPWirelessMgr;HPWirelessMgr; C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe [2002-07-17 53248]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-20 152984]
R2 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup; C:\PVSW\Bin\WGE_SRV.EXE [2006-12-07 32768]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2006-01-20 18944]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\atievxx.exe [2001-08-23 37376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-29 138168]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Part 1 of info.txt

info.txt logfile of random’s system information tool 1.04 2008-11-21 19:49:19

======Uninstall list======

–>C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
–>C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"
–>C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
–>C:\WINDOWS\uninst.exe -fc:\compaq\lutil\DeIsL1.isu
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe” -l0x9
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe” -l0x40c
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe” -l0x9
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 4.0 PowerPack Suite–>MsiExec.exe /I{92E64C51-5096-442F-9A44-61CB2941391D}
Adobe Acrobat 5.0–>C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0.1–>C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.3 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Advanced Video FX Engine–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe” -l0x9 /remove
Apple Mobile Device Support–>MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live–>MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Control Panel–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe”
ATI Display Driver–>rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD LT 2000 - Français–>C:\WINDOWS\unin040c.exe -fC:\PROGRA~1\AUTOCA~1\DeIsL1.isu -c"C:\PROGRA~1\AUTOCA~1\unaclt.dll
avast! Antivirus–>C:\Program Files\Alwil Software\Avast4\aswRunDll.exe “C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll”,RunSetup
Belkin Wireless Client Utility–>C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0DACEA66-186D-4187-80B7-4D28ABBAE59D} /l1036
Belkin Wireless G Plus Desktop Card–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{D59CAED6-39AF-4F87-AD40-C10C3906B7A4}\setup.exe” -l0x9 -removeonly
Bonjour–>MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bridge Lebel Illimité 2–>C:\WINDOWS\st6unst.exe -n “C:\Program Files\Illimite2\ST6UNST.LOG”
CartoExploreur 3–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{92D73392-3328-4885-962B-750B40EC8EAF}
Conexant 56K ACLink Modem–>C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio–>CIAunwdm.exe
Correctif pour Lecteur Windows Media 11 (KB939683)–>“C:\WINDOWS$NtUninstallKB939683$\spuninst\spuninst.exe”
Correctif pour Windows Internet Explorer 7 (KB947864)–>“C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe”
Correctif pour Windows XP (KB952287)–>“C:\WINDOWS$NtUninstallKB952287$\spuninst\spuninst.exe”
Creative Live! Cam Center–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe” -l0x40c /remove
Creative Live! Cam FX Creator–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9814AC8C-FDA8-431F-A6EB-D7294E2D362E}\setup.exe” -l0x9 /remove
Creative Live! Cam Manager–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe” -l0x40c /remove
Creative Live! Cam Notebook Pro Driver (1.02.06.0627)–>C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0250.uns -unsext NT -plugin V0250Pin.dll -pluginres CtCamPin.crl
Creative Photo Calendar–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe” -l0x40c /remove
Creative Photo Manager–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe” -l0x40c /remove
Creative Software AutoUpdate–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE” -l0x40c /remove
Creative System Information–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe” -l0x40c /remove
DivX Codec–>C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter–>C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player–>C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player–>C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD & DVD Creator 6–>MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
EasyRecovery Lite–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CC0B599B-D007-4F55-BD84-FF1041A17B6A} /l1036
EBP Comptabilité–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{5827A3F0-23B3-414F-BFD8-95F96A3D199D}\setup.exe” -l0x40c /uninst
Extension Système de Microsoft Money–>MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}
Géorando Liberté–>C:\Program Files\InstallShield Installation Information{FD68E62D-E056-4AB8-B560-E382CCEE946A}\SETUP.EXE -runfromtemp -l0x040c -removeonly

part 2 of info.txt

Google Earth–>MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer–>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer–>regsvr32 /u /s “c:\program files\google\googletoolbar1.dll”
HijackThis 2.0.2–>“C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)–>“C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”
Inactive HP Printer Drivers (Remove only)–>RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
InterVideo WinDVD–>“C:\Program Files\InstallShield Installation Information{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe” REMOVEALL
iTunes–>MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java™ 6 Update 10–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
Manuel d’utilisation de Creative Live! Cam Notebook Pro (Français)–>C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Creative Live! Cam Notebook Pro\Manuel d’utilisation de Creative Live! Cam Notebook Pro\French\CTManual.isu"
MapSource - European MetroGuide v4.00–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\Garmin\Setup\EUROMG400\setup.exe” AddRemove
Messenger Plus! Live & Sponsor (CiD)–>“C:\Program Files\Messenger Plus! Live\Uninstall.exe”
Microsoft .NET Framework (French) v1.0.3705–>C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1036)
Microsoft .NET Framework (French)–>MsiExec.exe /X{6B908BF7-A583-4962-B068-69657D87CD56}
Microsoft .NET Framework 1.0 Hotfix (KB928367)–>“C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671036\M9283671036Uninstall.msp”
Microsoft .NET Framework 2.0–>C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync 3.7–>“C:\WINDOWS\ISUN040C.EXE” -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Internationalized Domain Names Mitigation APIs–>“C:\WINDOWS$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
Microsoft Money–>MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs–>“C:\WINDOWS$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe”
Microsoft Office Professional Edition 2003–>MsiExec.exe /I{9111040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)–>“C:\WINDOWS$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)–>“C:\WINDOWS$NtUninstallKB954154_WM11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)–>“C:\WINDOWS$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)–>“C:\WINDOWS$NtUninstallKB911565$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)–>“C:\WINDOWS$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)–>“C:\WINDOWS$NtUninstallKB898458$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)–>“C:\WINDOWS$NtUninstallKB923723$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)–>“C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)–>“C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)–>“C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)–>“C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)–>“C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)–>“C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)–>“C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)–>“C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)–>“C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)–>“C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB923789)–>C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)–>“C:\WINDOWS$NtUninstallKB938464$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB941569)–>“C:\WINDOWS$NtUninstallKB941569$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB946648)–>“C:\WINDOWS$NtUninstallKB946648$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950760)–>“C:\WINDOWS$NtUninstallKB950760$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950762)–>“C:\WINDOWS$NtUninstallKB950762$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB950974)–>“C:\WINDOWS$NtUninstallKB950974$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951066)–>“C:\WINDOWS$NtUninstallKB951066$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951376)–>“C:\WINDOWS$NtUninstallKB951376$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951376-v2)–>“C:\WINDOWS$NtUninstallKB951376-v2$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951698)–>“C:\WINDOWS$NtUninstallKB951698$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB951748)–>“C:\WINDOWS$NtUninstallKB951748$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB952954)–>“C:\WINDOWS$NtUninstallKB952954$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB953839)–>“C:\WINDOWS$NtUninstallKB953839$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB954211)–>“C:\WINDOWS$NtUninstallKB954211$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB954459)–>“C:\WINDOWS$NtUninstallKB954459$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB955069)–>“C:\WINDOWS$NtUninstallKB955069$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956391)–>“C:\WINDOWS$NtUninstallKB956391$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956803)–>“C:\WINDOWS$NtUninstallKB956803$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB956841)–>“C:\WINDOWS$NtUninstallKB956841$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB957095)–>“C:\WINDOWS$NtUninstallKB957095$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB957097)–>“C:\WINDOWS$NtUninstallKB957097$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows XP (KB958644)–>“C:\WINDOWS$NtUninstallKB958644$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB951072-v2)–>“C:\WINDOWS$NtUninstallKB951072-v2$\spuninst\spuninst.exe”
Mise à jour pour Windows XP (KB951978)–>“C:\WINDOWS$NtUninstallKB951978$\spuninst\spuninst.exe”

Part 3 and EOF for info.txt

Notebook Utilities–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe” -l0x40c UNINSTALL
OgcDrv–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{894782F5-E443-4452-B04A-45657D3A759A} /l1036
One-Touch Buttons–>C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
Panda ActiveScan 2.0–>C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pervasive System Analyzer–>C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fichiers communs\Pervasive Software Shared\PSA\psa.isu"
Pervasive.SQL V8 Workgroup (v8.6)–>MsiExec.exe /I{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}
Picasa 2–>“C:\Program Files\Picasa2\Uninstall.exe”
QuickTime–>MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Réseau Antilles Bayo–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{6EC8F541-50BF-41D0-B41F-F5951F2E06B0}
Réseau Antilles BdAlti–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{EEC8305D-D841-41AC-B0D7-77F2B01677C8}
Réseau Antilles BdNyme–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{FC63BB62-6264-48F4-8F07-3B0930DB030A}
Réseau France Bayo–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{B4C69248-E01C-4C6D-9C0B-A02505625F96}
Réseau France BdAlti–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{B13FE5B5-A0DF-4700-9AB4-8C94C38BCFF3}
Réseau France BdNyme–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{3250D35A-F0C7-44E4-A12C-2D810F468090}
Réseau Guyane Bayo–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{CAA389AD-9872-459C-92B3-B009390B9E12}
Réseau Guyane BdAlti–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{18513947-C958-4EB6-B203-6F80E3EA5F22}
Réseau Guyane BdNyme–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{C0B37117-6DEB-4346-9279-54DC468647D3}
Réseau Réunion Bayo–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{4AC307D2-AC99-4D12-B816-FCB97E05F490}
Réseau Réunion BdAlti–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{6D047C3D-E0F6-4FA7-B858-952FEF7DBA21}
Réseau Réunion BdNyme–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{99846345-C2FB-4EC0-8AF2-29950FB65056}
Safari–>MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
SightSpeed (remove only)–>“C:\Program Files\SightSpeed\uninst.exe”
Skype™ 3.8–>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sound Rescue Terratec 2.0–>C:\WINDOWS\Algoui.exe sle20.exe alsetup.exe
Synaptics TouchPad–>rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall
Utilitaire de sauvegarde Windows–>MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
VideoLAN VLC media player 0.8.6i–>C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger–>MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows XP Service Pack 3–>“C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe”
WinZip 11.1–>MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

======Security center information======

AV: avast! antivirus 4.8.1290 [VPS 081120-0]

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=C:\PVSW\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\AUTODE~1;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared;C:\Program Files\Belkin\Belkin Wireless Utility\Unicows;C:\Program Files\QuickTime\QTSystem
“windir”=%SystemRoot%
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=15
“PROCESSOR_IDENTIFIER”=x86 Family 15 Model 2 Stepping 7, GenuineIntel
“PROCESSOR_REVISION”=0207
“NUMBER_OF_PROCESSORS”=1
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“FP_NO_HOST_CHECK”=NO
“CLASSPATH”=.;C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc.jar;C:\Program Files\QuickTime\QTSystem\QTJava.zip
“VSL”=C:\PVSW\bin
“QTJAVA”=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Hey pedro91,

Your logs aren’t too bad, let’s run some tools to remove the remnants. :slight_smile: Please insert a removable disk into your **E:** drive before continuing with the fix.

Please follow my instructions in the order they are given, and print out a copy of them, as you may not have access to the forums during the fix.

1) Run OTMoveIt3

Please download the OTMoveIt3 by OldTimer.

[*] Save it to your desktop.
[*] Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select “Run as an Administrator”)
[*]Copy everything in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
explorer.exe

:Files
C:\WINDOWS\005197_.tmp
C:\WINDOWS\peernet
E:\ev60a2.cmd

:Reg
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c04252-bb7a-11dc-abce-000bcd883d84}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c34348-7b5e-11dc-ab01-000bcd883d84}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd67d10-991b-11dd-adb3-00173f864771}]

:Commands
[purity]
[emptytemp]
[start explorer]

[*] Return to OTMoveIt3, right click in the “Paste Instructions for Items to be Moved” window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]Copy everything in the “Results” window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2) Run Malwarebytes’ Anti-Malware

Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) Run Flash Drive Disinfector

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
[*] Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
[*] The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
[*] Wait until it has finished scanning and then exit the program.
[*] Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don’t delete this folder: because a folder with that name already exists, autorun malware cannot simply drop its own autorun.inf file there, so it will help protect your drives from future infection.

Next reply (please include):

Note: Please do NOT attach the logs; post ONE log in each post.

Fresh RSIT log (please re-run RSIT)
OTMoveIt3 log
MBAM scan log

Hi,

Thanks for your instructions. I will perform the process and keep you informed. Just one thing: I can only insert 10 000 characters in my replies. I would be very happy to send you each log in one reply only, but the logs are too long. So:

How can I make longer messages?

And/or how to minimize the logs?

Best regards
Pierre

Bravo! Congratulations! Mabruck! Everything has become normal again!!

I can access C: and avast is upgrading automatically without trouble.

For your information, please find the latest logs below:

For OTMoveIt3, I had a small problem: I double-clicked on the green results window trying to highlight everything, but the software froze and I could not copy the result to the clipboard. What I could read was:
Quote:

====Processes===
Process explorer.exe killed succefully
===Files===
C:\WINDOWS\005197_.tmp moved successfully
Folder move fails. C:\WINDOWS\peernet schuduled to…??
file/folder E:\ev60a2.cmd not found

unquote

log from Malwarebyte

Malwarebytes’ Anti-Malware 1.30
Database version: 1417
Windows 5.1.2600 Service Pack 3

23/11/2008 18:23:06
mbam-log-2008-11-23 (18-23-06).txt

Scan type: Quick Scan
Objects scanned: 56083
Time elapsed: 10 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) → Bad: (1) Good: (0) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) → Bad: (0) Good: (1) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Many thanks for all your help
Best regards
Pierre

Hey Pierre,

Just posting your logs in multiple posts will do. :slight_smile:

Hey Pierre,

That’s good to hear. :slight_smile:

You don’t highlight text by double-clicking. You hold your left mouse button down and move the pointer over the text to highlight it. Let’s try running OTMoveIt3 and get the logs again.

[*] Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select “Run as an Administrator”)
[*]Copy everything in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
explorer.exe

:Files
C:\WINDOWS\005197_.tmp
C:\WINDOWS\peernet
E:\ev60a2.cmd
C:\Documents and Settings\Pierre\Local Settings\Temp\naecd.sys

:Services
naecd

:Reg
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c04252-bb7a-11dc-abce-000bcd883d84}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c34348-7b5e-11dc-ab01-000bcd883d84}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd67d10-991b-11dd-adb3-00173f864771}]

:Commands
[purity]
[emptytemp]
[start explorer]

[*] Return to OTMoveIt3, right click in the “Paste Instructions for Items to be Moved” window (under the light Yellow bar) and choose Paste.
[*]Click the red Moveit! button.
[*]Copy everything in the “Results” window (under the Green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTMoveIt3. (Important! If you still don’t know how to get the whole log of OTMoveIt3, DON’T CLOSE OTMoveIt3 and come on here and ask me for help)
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also, please re-run RSIT.exe and post me the log as well. Thanks. :slight_smile:

Hi,

Here is the result of OTMoveIt3:

Files moved on Reboot…
Folder move failed. C:\WINDOWS\peernet scheduled to be moved on reboot.

part 1 of RSIT

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Pierre at 2008-11-24 23:11:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 44 GB (46%) free of 95 GB
Total RAM: 447 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:58, on 24/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
C:\Program Files\ACD Systems\ImageFox\ImageFox.exe
C:\Program Files\Belkin\F5D7001v2000\ChkDev.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Pierre\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pierre.exe

Part 2 of RSIT

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/040C/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM..\Run: [CARPService] carpserv.exe
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] “C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe”
O4 - HKLM\..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe”
O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] “C:\Program Files\Microsoft Money\System\mnyexpr.exe”
O4 - HKCU\..\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] “C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe”
O4 - HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE”
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O4 - Global Startup: ImageFox.lnk = ?

Part 3 of RSIT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra ‘Tools’ menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Créer un Favori de l’appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180639003638
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180639731898
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227197591115&h=bcea8539f4b4009d2dec57af177f4461/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - C:\PVSW\Bin\WGE_SRV.EXE
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


End of file - 12524 bytes

Part 4 of RSIT

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d’Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-06-29 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-20 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-06-29 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“ATIModeChange”=C:\WINDOWS\system32\Ati2mdxx.exe [2002-08-15 28672]
“CARPService”=C:\WINDOWS\system32\carpserv.exe [2003-05-21 4608]
“ATIPTA”=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2002-08-14 290816]
“PreloadApp”=c:\hp\drivers\printers\photosmart\hphprld.exe [2001-12-12 36864]
“srmclean”=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
“Display Settings”=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe [2002-08-15 45056]
“QT4HPOT”=C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE [2002-10-14 98304]
“SynTPLpr”=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-09-09 126976]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-09-09 557056]
“Cpqset”=C:\Program Files\HPQ\Default Settings\cpqset.exe [2002-10-23 176197]
“RoxioEngineUtility”=C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]
“RoxioDragToDisc”=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-10-21 868352]
“V0250Mon.exe”=C:\WINDOWS\V0250Mon.exe [2006-06-07 32768]
“AVFX Engine”=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-10-09 20480]
“AppleSyncNotifier”=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
“QuickTime Task”=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
“iTunesHelper”=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-20 136600]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“MoneyAgent”=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 204800]
“MsnMsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“Creative Live! Cam Manager”=C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2006-05-31 143360]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2008-08-11 21741864]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-20 68856]
“H/PC Connection Agent”=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-24 401491]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\F5D7001v2000\Belkinwcui.exe
ImageFox.lnk - C:\WINDOWS\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe

Part 5 of RSIT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=36
“NoDriveAutoRun”=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\PVSW\Bin\w3dbsmgr.exe"="C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WcesMgr.exe"="C:\Program Files\Microsoft ActiveSync\WcesMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{051d70b2-c401-11dc-abeb-00173f864771}]
shell\Auto\command - MicrosoftPowerPoint.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28c04252-bb7a-11dc-abce-000bcd883d84}]
shell\Auto\command - Cn911.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{297187e0-20dd-11dc-aa40-00028a7adc95}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5824c410-74ce-11dc-aaf4-000bcd883d84}]
shell\AutoRun\command - RavMon.exe
shell\open\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c34348-7b5e-11dc-ab01-000bcd883d84}]
shell\Auto\command - Cn911.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fcd67d10-991b-11dd-adb3-00173f864771}]
shell\AutoRun\command - E:\ev60a2.cmd
shell\explore\command - E:\ev60a2.cmd
shell\open\command - E:\ev60a2.cmd

Part 6 of RSIT

======List of files/folders created in the last 2 months======

2008-11-24 11:17:01 ----D---- C:\WINDOWS\LastGood
2008-11-23 18:07:13 ----D---- C:\Documents and Settings\Pierre\Application Data\Malwarebytes
2008-11-23 18:07:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-23 18:07:01 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-11-23 17:39:44 ----D---- C:\_OTMoveIt
2008-11-21 19:49:00 ----D---- C:\rsit
2008-11-21 15:37:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-20 22:58:58 ----D---- C:\Program Files\Trend Micro
2008-11-20 18:22:14 ----D---- C:\WINDOWS\Sun
2008-11-20 18:16:34 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-20 18:16:34 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-20 18:16:34 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-20 18:16:33 ----A---- C:\WINDOWS\system32\java.exe
2008-11-20 18:15:56 ----D---- C:\Program Files\Java
2008-11-20 18:11:36 ----D---- C:\Documents and Settings\Pierre\Application Data\Sun
2008-11-20 15:25:35 ----D---- C:\Program Files\Panda Security
2008-11-17 15:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-17 15:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 15:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-17 15:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-01 21:51:06 ----D---- C:\WINDOWS\Prefetch
2008-11-01 21:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 21:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 21:24:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 21:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 21:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 21:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 21:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-01 21:22:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 21:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 21:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-01 21:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 21:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 21:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 21:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-01 21:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 21:13:36 ----D---- C:\WINDOWS\l2schemas
2008-11-01 21:13:35 ----D---- C:\WINDOWS\system32\fr
2008-10-24 21:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-22 11:04:14 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-22 11:04:11 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-22 11:04:08 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-22 11:04:08 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-22 11:03:55 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-22 11:03:55 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-22 11:03:36 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-22 11:03:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-22 11:03:28 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-22 11:03:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-22 11:03:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-22 11:03:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-22 11:03:24 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-22 11:03:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-22 11:03:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-22 11:03:03 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-22 11:03:03 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-22 11:03:03 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-22 11:03:01 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-22 11:03:00 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-22 11:02:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-22 11:02:56 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-22 11:02:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-22 11:02:19 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-22 11:02:18 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-22 11:02:17 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-22 11:01:50 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-22 11:01:49 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-22 11:01:49 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-22 11:01:49 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-22 11:01:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-22 11:01:43 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-22 11:01:43 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-22 11:01:43 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-22 11:01:41 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-22 11:01:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-22 11:01:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-22 11:01:35 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-22 11:01:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-22 11:01:25 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-22 11:01:12 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-15 06:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-15 06:36:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 06:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-15 06:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-15 06:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$

Part 7 of RSIT

======List of files/folders modified in the last 2 months======

2008-11-24 23:08:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-24 23:08:32 ----D---- C:\WINDOWS\peernet
2008-11-24 22:37:07 ----D---- C:\Documents and Settings\Pierre\Application Data\Skype
2008-11-24 21:44:50 ----D---- C:\WINDOWS\Temp
2008-11-24 16:06:11 ----D---- C:\Documents and Settings\Pierre\Application Data\skypePM
2008-11-24 11:17:20 ----D---- C:\WINDOWS\system32
2008-11-24 11:17:18 ----HD---- C:\WINDOWS\inf
2008-11-24 11:17:13 ----D---- C:\WINDOWS\Help
2008-11-24 11:17:01 ----D---- C:\WINDOWS
2008-11-24 11:17:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-24 01:13:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-23 23:17:30 ----A---- C:\WINDOWS\BRWMARK.INI
2008-11-23 23:17:30 ----A---- C:\WINDOWS\BRPP2KA.INI
2008-11-23 18:07:07 ----D---- C:\WINDOWS\system32\drivers
2008-11-23 18:07:01 ----RD---- C:\Program Files
2008-11-21 15:37:32 ----D---- C:\Program Files\Alwil Software
2008-11-21 15:14:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-20 18:18:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-20 18:16:49 ----SHD---- C:\WINDOWS\Installer
2008-11-20 18:16:49 ----D---- C:\Config.Msi
2008-11-19 14:58:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-17 15:56:42 ----A---- C:\WINDOWS\imsins.BAK
2008-11-17 15:56:31 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-17 08:53:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-17 08:52:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-11-17 08:52:36 ----D---- C:\Program Files\Adobe
2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-01 21:52:02 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-01 21:50:59 ----A---- C:\WINDOWS\setuplog.txt
2008-11-01 21:50:10 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 21:50:10 ----D---- C:\WINDOWS\AppPatch
2008-11-01 21:50:09 ----D---- C:\WINDOWS\system32\wbem
2008-11-01 21:50:07 ----RSD---- C:\WINDOWS\Fonts
2008-11-01 21:49:21 ----D---- C:\WINDOWS\security
2008-11-01 21:25:31 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 21:20:57 ----D---- C:\Program Files\Messenger
2008-11-01 21:14:33 ----D---- C:\WINDOWS\WinSxS
2008-11-01 21:14:22 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 21:14:18 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 21:14:17 ----D---- C:\WINDOWS\ime
2008-11-01 21:13:43 ----D---- C:\WINDOWS\system32\fr-fr
2008-11-01 21:13:42 ----D---- C:\WINDOWS\system32\usmt
2008-11-01 21:13:34 ----D---- C:\WINDOWS\system32\bits
2008-11-01 21:13:33 ----D---- C:\Program Files\Movie Maker
2008-11-01 21:07:54 ----D---- C:\WINDOWS\system32\Restore
2008-11-01 21:07:54 ----D---- C:\WINDOWS\system32\npp
2008-11-01 21:07:51 ----D---- C:\WINDOWS\msagent
2008-11-01 21:07:48 ----D---- C:\WINDOWS\srchasst
2008-11-01 21:07:47 ----D---- C:\Program Files\NetMeeting
2008-11-01 21:07:44 ----D---- C:\WINDOWS\system32\Com
2008-11-01 21:07:40 ----D---- C:\Program Files\Windows Media Player
2008-11-01 21:07:39 ----D---- C:\Program Files\Windows NT
2008-11-01 21:07:39 ----D---- C:\Program Files\Outlook Express
2008-11-01 21:07:34 ----D---- C:\Program Files\Fichiers communs\System
2008-11-01 21:07:09 ----D---- C:\WINDOWS\system32\oobe
2008-11-01 21:07:05 ----D---- C:\WINDOWS\system
2008-11-01 21:01:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-01 21:01:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 20:55:44 ----D---- C:\WINDOWS\EHome
2008-10-22 09:54:56 ----D---- C:\WINDOWS\Debug
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:32 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 14:06:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 06:36:22 ----D---- C:\Program Files\Internet Explorer
2008-10-15 06:36:05 ----D---- C:\WINDOWS\ie7updates
2008-10-15 06:35:13 ----A---- C:\WINDOWS\win.ini
2008-10-03 18:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-02 20:50:22 ----D---- C:\Documents and Settings\Pierre\Application Data\ImageFox