
"Tidserv Request detected" and "traffic block"aler



#1
rktac
New Member (Member, 4 posts)
Hi,

Since yesterday, my Symantec Endpoint Protection AV shows disturbing pop-ups saying "SID:23621 HTTP Tidserv Request Detected".
It also pops up another message concerning traffic being blocked from an IP address (91 212 226 59) with a 10 minute time frame, along with "Tidserv Request 2 Detected" (or something like that, I don't know exactly).
The first message shows up whenever I'm doing a Google search, or when I'm on the Internet. The second message pops up every ten minutes or so.

While looking for a solution on the Web, I came across your website and made an account.

I started looking at the forum posts to see if I could find my answer there, but I realized too many answers are different and are related to specific logs.

So I followed all the steps detailed in the Spyware/Malware Removal Guide.

Here's what I did:

1) I ran TFC - I needed to reboot my computer, which I did.
2) ERUNT - The confirmation window popped up, so I guess that worked correctly.
3) I ran MBAM as explained; it found 2 infected files and I removed them as the guide says - See the log below (sorry, it's in French; I don't understand why, since I installed MBAM in English).
4) I made sure to check that my Symantec Endpoint Protection was working correctly - It does (it's up to date and all).
5) I restarted my computer and tried to go on the Internet. The messages still popped up.
6) I ran GMER as detailed in the Guide - See the log below.
7) I ran OTL - If you need the two logs (OTL.txt & Extras.txt) I can post them.
8) I did a complete scan from Symantec Endpoint Protection - It found tracking cookies (deleted) and nothing else.



I would appreciate help with solving my problem, and I thank in advance anybody who'll try to help me.



Here are the logs required.




MBAM LOG
----------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-07-15 17:47:22
mbam-log-2010-07-15 (17-47-22).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 145766
Temps écoulé: 44 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
------------



GMER LOG
----------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-15 18:07:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT 8989CD28 ZwAlertResumeThread
SSDT 89910D60 ZwAlertThread
SSDT 89852A48 ZwAllocateVirtualMemory
SSDT 8988BC20 ZwConnectPort
SSDT 897C15D8 ZwCreateMutant
SSDT 89EC8438 ZwCreateThread
SSDT 897C6A48 ZwFreeVirtualMemory
SSDT 8985D0D8 ZwImpersonateAnonymousToken
SSDT 89EFD0D8 ZwImpersonateThread
SSDT 89E56DA0 ZwMapViewOfSection
SSDT 8987B4A0 ZwOpenEvent
SSDT 898A5B10 ZwOpenProcessToken
SSDT 8984F950 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA0306B0]
SSDT 898B80C8 ZwResumeThread
SSDT 8987FED0 ZwSetContextThread
SSDT 89EE69D0 ZwSetInformationProcess
SSDT 89EDE560 ZwSetInformationThread
SSDT 89F0A358 ZwSuspendProcess
SSDT 898E9A70 ZwSuspendThread
SSDT 898A5BE8 ZwTerminateProcess
SSDT 899198B0 ZwTerminateThread
SSDT 898B6628 ZwUnmapViewOfSection
SSDT 89ED72B8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 384 804E29F0 1 Byte [C8]
.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes CALL 30D7B51C

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[596] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[596] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[596] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\SearchIndexer.exe[832] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 3 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtProtectVirtualMemory + 4 7C91D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1804] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 01D4000A
.text C:\WINDOWS\System32\svchost.exe[1804] ole32.dll!CoCreateInstance 774C057E 5 Bytes JMP 00AB000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci 69632 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci 53248 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci 28672 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.ci 32768 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.ci 24576 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci 106496 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.ci 24576 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.ci 28672 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.dir 4096 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG002b.000 240 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG002b.001 65536 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG002b.002 65536 bytes

---- EOF - GMER 1.0.15 ----
-------------------------------------------------
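As an added example (not part of this thread and not one of the tools the posters used), here is a small Python triage script for the "System" and code-section lines of the GMER log above. It parses SSDT entries and inline hooks, keeps the module and vendor that GMER resolved where it gave one, and separates hooks attributed to the security software the log shows installed (Symantec) from unattributed ones that an analyst would review by hand; the trusted-vendor list and the `hooked_processes` helper are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the GMER log in the post above (System and code-section entries).
SAMPLE_GMER = r"""
SSDT 8989CD28 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA0306B0]
SSDT 89ED72B8 ZwWriteVirtualMemory
.text ntoskrnl.exe!_abnormal_termination + 384 804E29F0 1 Byte [C8]
.text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 8 Bytes CALL 30D7B51C
.text C:\WINDOWS\Explorer.EXE[596] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\SearchIndexer.exe[832] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtProtectVirtualMemory + 4 7C91D6F2 1 Byte [84]
"""

# "SSDT <handler address> <service>": GMER found a hooked service table entry but could not
# map the handler address to a loaded driver image (it points into allocated pool).
SSDT_BARE = re.compile(r"^SSDT ([0-9A-F]{8}) (\w+)$")
# "SSDT <driver path> (<description/vendor>) <service> [0x<address>]": hook resolved to a driver.
SSDT_MOD = re.compile(r"^SSDT (\S+) \((.*?)\) (\w+) \[0x([0-9A-F]+)\]$")
# ".text <target> <address> <n> Byte(s) <detail>": inline patch in kernel or user code.
INLINE = re.compile(r"^\.text (.+?) ([0-9A-F]{8}) (\d+) Bytes? (.+)$")
# Detail of an inline hook that GMER resolved to a module: "JMP <addr> <module path> (<vendor>)".
RESOLVED = re.compile(r"^(JMP|CALL) ([0-9A-F]+) (\S+) \((.*?)\)$")


@dataclass
class Hook:
    kind: str               # "SSDT" or "INLINE"
    target: str             # hooked service, or "<process>[pid] <module>!<function>[ + offset]"
    address: str            # SSDT handler address or patched code address
    detail: str             # "JMP 00B7000A", "CALL 30D7B51C", "[C8]" or "" for SSDT entries
    module: Optional[str]   # module GMER resolved the hook to, if any
    vendor: Optional[str]   # "<description>/<company>" text GMER printed for that module

    @property
    def attributed(self) -> bool:
        return self.module is not None


def parse_gmer(text: str) -> List[Hook]:
    """Parse SSDT and .text hook lines; Devices/Files sections are ignored here."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SSDT_BARE.match(line)
        if m:
            hooks.append(Hook("SSDT", m.group(2), m.group(1), "", None, None))
            continue
        m = SSDT_MOD.match(line)
        if m:
            hooks.append(Hook("SSDT", m.group(3), m.group(4), "", m.group(1), m.group(2)))
            continue
        m = INLINE.match(line)
        if m:
            target, addr, _count, detail = m.groups()
            r = RESOLVED.match(detail)
            if r:
                hooks.append(Hook("INLINE", target, addr, f"{r.group(1)} {r.group(2)}",
                                  r.group(3), r.group(4)))
            else:
                hooks.append(Hook("INLINE", target, addr, detail, None, None))
    return hooks


def triage(hooks: List[Hook],
           trusted_vendors: Tuple[str, ...] = ("Symantec Corporation", "Microsoft Corporation")
           ) -> Tuple[List[Hook], List[Hook]]:
    """Split hooks into (known, review). A hook is 'known' only if GMER resolved it to a module
    whose company string is in trusted_vendors; everything else, including every hook GMER
    could not attribute, goes to the review list. The default vendor list is an assumption
    based on the products visible in the posted logs."""
    known, review = [], []
    for h in hooks:
        company = h.vendor.rsplit("/", 1)[-1] if h.vendor else None
        (known if company in trusted_vendors else review).append(h)
    return known, review


def hooked_processes(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Group unattributed inline hooks by the process that carries them ("kernel" for
    ntoskrnl patches), so the analyst sees which processes host unexplained trampolines."""
    by_proc: Dict[str, List[str]] = {}
    for h in hooks:
        if h.kind != "INLINE" or h.attributed:
            continue
        proc, sep, func = h.target.partition("] ")
        if not sep:                 # no "[pid]" part: a kernel code patch
            proc, func = "kernel", proc
        else:
            proc += "]"
        by_proc.setdefault(proc, []).append(func)
    return by_proc


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_GMER)
    known, review = triage(parsed)
    print(f"{len(known)} hook(s) attributed to trusted vendors, {len(review)} to review")
    for proc, funcs in hooked_processes(parsed).items():
        print(f"  {proc}: {', '.join(funcs)}")
```

Unattributed SSDT entries and private-memory trampolines are exactly what both host security products and rootkits produce, so the review list is a starting point for cross-checking against what is installed, not a verdict.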


#2
RKinner
Malware Expert (Expert, MVP, 24,441 posts)
Copy and Paste the two OTL logs.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop, from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

#3
rktac
New Member (Topic Starter, Member, 4 posts)
Hi!

First of all, I want to thank you for your fast reply and your help. I really appreciate it.

The two OTL logs and the ComboFix log are copied and pasted below.

I also wanted to mention that between doing the OTL logs and the ComboFix, I cleaned my computer of MBAM, GMER, TFC and ERUNT.

While ComboFix was working, it asked to restart my computer (I clicked yes) and after my computer restarted, ComboFix continued without me doing anything. Is that normal?
One last thing: while ComboFix was working, my Symantec Endpoint sent an alert, but I read somewhere that it was normal because of ComboFix. Is that right?

Thank you again for your help.

Here are the logs required.



OTL Log (1) - OTL.TXT
-----------------------------------------------------------------
OTL logfile created on: 2010-07-15 18:09:22 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\owner\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223,57 Gb Total Space | 178,25 Gb Free Space | 79,73% Space Free | Partition Type: NTFS
Drive D: | 152,66 Gb Total Space | 152,55 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-07-15 18:08:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
PRC - [2010-06-28 10:59:02 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-27 23:16:02 | 000,617,152 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe
PRC - [2010-01-11 16:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2008-12-08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008-12-08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008-12-08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008-08-14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2008-08-14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
PRC - [2008-05-26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2003-09-02 06:42:40 | 000,041,038 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\AtiSched.exe
PRC - [2003-06-20 03:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010-07-15 18:08:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
MOD - [2008-04-13 22:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe -- (x10nets)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\ffefeebdbafbfcdef.exe -- (ffefeebdbafbfcdef)
SRV - [2009-12-03 18:36:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-12-08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008-12-08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008-12-08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008-08-14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008-08-14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008-06-30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2003-06-20 03:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010-07-14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100714.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-07-14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100714.002\NAVENG.SYS -- (NAVENG)
DRV - [2010-06-02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010-05-27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-05-27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-02-17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009-09-03 22:42:30 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008-12-08 21:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008-12-08 21:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008-11-18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008-10-14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008-10-13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008-10-13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008-10-13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008-08-21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008-08-21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008-06-16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008-04-13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-03-06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007-07-28 02:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2004-08-04 01:31:34 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003-08-26 16:25:14 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003-08-26 16:24:06 | 000,675,840 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003-08-26 16:22:34 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003-08-12 22:34:28 | 000,594,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-08-06 17:44:24 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003-08-06 17:44:11 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003-08-06 17:41:07 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003-08-06 17:39:59 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003-08-06 17:39:05 | 000,051,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003-08-06 17:35:20 | 000,056,832 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2003-07-14 09:49:04 | 000,254,868 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003-03-25 17:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002-11-06 05:48:34 | 000,136,448 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
DRV - [2002-10-17 15:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002-08-20 17:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001-08-17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 16:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 16:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 16:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 16:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 16:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 16:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 16:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 16:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 16:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/de...ca&OCID=FW69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 31 E5 BE F8 44 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.38
FF - prefs.js..extensions.enabledItems: [email protected]:1.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-28 10:59:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-15 16:04:27 | 000,000,000 | ---D | M]

[2009-12-26 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2009-12-21 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\[email protected]
[2010-07-14 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions
[2010-04-27 19:33:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-20 17:52:54 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2010-01-06 18:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\[email protected]
[2010-05-13 11:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\[email protected]
[2010-07-14 22:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-15 17:59:21 | 000,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\facefeaaafc.dll
[2010-01-15 21:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-01-15 21:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-01-15 21:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-01-15 21:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-03-23 22:05:14 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2003-04-24 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\AtiSched.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\owner\Menu Démarrer\Programmes\Démarrage\Registration .LNK = C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252027187253 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-02 22:14:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-09-14 06:00:36 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007-09-11 08:57:21 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c87373c9-9800-11de-bf60-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c87373c9-9800-11de-bf60-806d6172696f}\Shell\AutoRun\command - "" = E:\AutoRun/AutoRun.bat -- [2007-09-11 08:57:23 | 000,000,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.YU12 - C:\WINDOWS\System32\atiyuv12.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\atiyuv12.dll ()
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010-07-15 18:08:27 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
[2010-07-15 17:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010-07-15 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010-07-15 17:00:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-15 17:00:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-07-15 17:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-07-15 16:59:30 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\owner\Bureau\mbam-setup.exe
[2010-07-15 16:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-07-15 16:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-07-15 16:57:17 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\owner\Bureau\erunt_setup.exe
[2010-07-15 16:39:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\TFC.exe
[2010-07-15 15:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\sfdnnhfcm
[2010-07-14 14:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010-07-14 14:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010-07-14 14:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Xenocode
[2010-07-14 14:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\LANCITE
[2010-07-13 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Music for Tamie
[2010-07-12 22:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Little Ink Pot
[2010-07-06 23:22:00 | 000,000,000 | ---D | C] -- C:\PSFONTS
[2010-07-06 23:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Finale NotePad 2008
[2010-06-30 17:25:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\owner\Bureau\basd.com.exe
[2010-06-30 10:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\BitTorrent
[2010-06-24 12:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fanfiction Downloader
[2010-06-23 12:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Downloads
[2010-06-05 10:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\eXpress IP Locator
[2010-06-02 10:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Photos à faire développer
[2010-05-27 17:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010-05-27 12:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Pauline Playlist
[2010-05-26 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\23 mai 2010-2
[2010-05-26 16:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\23 mai 2010-1
[2010-05-25 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010-05-25 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\InstallShield
[2010-05-17 09:57:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010-05-05 19:45:44 | 000,517,632 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010-04-26 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\PhotoFiltre
[2010-04-20 13:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\CmapTools
[2010-04-20 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\CmapToolsLogs
[2010-04-20 13:50:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010-04-20 13:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\IHMC CmapTools
[2010-04-20 13:49:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\InstallAnywhere

========== Files - Modified Within 90 Days ==========

[2010-07-15 18:11:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9B3CFCB4-0221-49B2-A66B-4EF847C5375B}.job
[2010-07-15 18:08:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
[2010-07-15 17:00:28 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010-07-15 17:00:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010-07-15 16:59:52 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\owner\Bureau\mbam-setup.exe
[2010-07-15 16:58:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\owner\Bureau\NTREGOPT.lnk
[2010-07-15 16:58:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\owner\Bureau\ERUNT.lnk
[2010-07-15 16:57:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\owner\Bureau\erunt_setup.exe
[2010-07-15 16:55:34 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-15 16:55:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-15 16:55:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-15 16:53:05 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010-07-15 16:39:55 | 001,154,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-15 16:39:55 | 000,533,158 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010-07-15 16:39:55 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-15 16:39:55 | 000,093,612 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010-07-15 16:39:55 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-15 16:39:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\TFC.exe
[2010-07-15 13:39:44 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\fanfic I have in pdf or Word doc.doc
[2010-07-15 10:45:47 | 003,399,168 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence.doc
[2010-07-14 19:02:53 | 000,054,632 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\viewer.png
[2010-07-14 17:05:53 | 007,168,000 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Emancipation_Proclamation_by_Kharizzmatik.doc
[2010-07-14 16:47:27 | 007,165,952 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\emancipation proclamation.doc
[2010-07-14 03:00:33 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-13 23:30:39 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\knowing me.doc
[2010-07-13 01:33:52 | 003,345,920 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.doc
[2010-07-12 21:06:00 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\WACover.doc
[2010-07-12 20:04:36 | 005,169,266 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.pdf
[2010-07-11 04:38:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-07-10 23:52:04 | 001,655,296 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence (2).doc
[2010-07-10 19:25:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\owner\Mes documents\~$pie de Wide Awake.doc
[2010-07-10 19:25:02 | 005,099,008 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake.doc
[2010-07-10 19:25:02 | 005,099,008 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Copie de Wide Awake.doc
[2010-07-10 19:05:10 | 000,030,216 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\GDIPFONTCACHEV1.DAT
[2010-07-10 14:55:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\owner\Mes documents\~$eaking the Silence.doc
[2010-07-10 14:37:45 | 000,030,216 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-07-10 14:37:27 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\owner\Menu Démarrer\Programmes\Démarrage\Registration .LNK
[2010-07-10 14:36:43 | 001,452,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-08 17:33:52 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\fanfiction list.doc
[2010-07-07 23:09:02 | 000,137,144 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Untiteled - Simple Plan.pdf
[2010-07-07 23:06:51 | 000,131,115 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\My Decemeber - Linkin Park.pdf
[2010-07-07 23:06:33 | 000,131,115 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\My D.pdf
[2010-07-06 23:24:31 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2008.lnk
[2010-07-06 23:24:31 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Finale NotePad 2008.lnk
[2010-07-06 18:03:21 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Liste Appartement.doc
[2010-07-02 21:46:11 | 001,837,568 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\With Teeth.doc
[2010-07-01 19:00:38 | 005,018,048 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Bal & Graduation 2010 # 2.zip
[2010-07-01 19:00:35 | 009,397,566 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Graduation & Bal 2010.zip
[2010-07-01 14:23:13 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\owner\Bureau\basd.com.exe
[2010-06-24 20:33:54 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_3.bmp
[2010-06-24 20:24:27 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_2.bmp
[2010-06-24 20:08:55 | 004,383,302 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_1.bmp
[2010-06-23 15:19:20 | 000,009,524 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\Folder.jpg
[2010-06-23 15:19:20 | 000,002,442 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\AlbumArtSmall.jpg
[2010-06-23 12:41:14 | 004,036,043 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\01 - Opening.mp3
[2010-06-23 12:40:42 | 000,009,524 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Large.jpg
[2010-06-23 12:40:42 | 000,002,442 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Small.jpg
[2010-06-23 12:35:57 | 013,603,997 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\06 - Morning Montage.mp3
[2010-06-23 12:35:55 | 011,916,161 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\03 - I Know You Can Hear Me.mp3
[2010-06-23 12:35:51 | 011,629,546 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\10 - Remember Me.mp3
[2010-06-23 12:35:48 | 004,048,311 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\02 - Summer.mp3
[2010-06-23 12:35:45 | 004,073,152 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\09 - Caroline.mp3
[2010-06-23 12:35:43 | 007,853,240 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\08 - Craig Worries.mp3
[2010-06-23 12:35:40 | 008,695,581 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\12 - Don't Be A Stranger.mp3
[2010-06-23 12:35:26 | 005,229,139 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\11 - Subway Ride.mp3
[2010-06-23 12:35:18 | 003,876,474 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\07 - Wake Up Call.mp3
[2010-06-23 12:34:03 | 002,860,532 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\05 - Angry Ride.mp3
[2010-06-23 12:33:46 | 003,122,465 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\04 - Tyler.mp3
[2010-06-13 10:14:39 | 000,034,836 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\ProduireSpecimenCheque.pdf
[2010-06-11 03:15:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-09 20:28:49 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\liste apart.doc
[2010-06-07 17:04:00 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Material Inventory Requisition.doc
[2010-06-07 12:33:03 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\CV_Carrier_Mc.doc
[2010-06-07 00:45:57 | 003,769,096 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Falling for You.rtf
[2010-06-05 17:11:31 | 001,881,088 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\LoL.doc
[2010-06-05 17:09:37 | 000,079,751 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\SafeRedirect.aspx
[2010-06-03 14:47:18 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\owner\Mes documents\~$lling for You.rtf
[2010-06-02 23:40:22 | 000,137,623 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Document1.pdf
[2010-06-02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010-06-01 13:06:51 | 001,078,101 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\FD&KK summary.pdf
[2010-05-31 22:01:07 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010-05-27 17:29:03 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TweetDeck.lnk
[2010-05-25 18:07:28 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CSI-Hard Evidence.lnk
[2010-05-22 09:42:55 | 000,307,985 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\CV_Carrier_Mc.pdf
[2010-05-20 13:44:13 | 000,000,035 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010-05-17 15:41:11 | 002,977,117 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Aliens Singing Happy Birthday To You.FLV
[2010-05-09 10:20:47 | 000,229,972 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\bookmarks.html
[2010-05-03 14:09:00 | 000,450,836 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\TouchingLetters.ttf
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-20 13:52:16 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\owner\.powerupdate.user.properties

========== Files Created - No Company Name ==========

[2010-07-15 17:52:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\owner\Bureau\gmer.exe
[2010-07-15 17:00:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010-07-15 16:58:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\owner\Bureau\NTREGOPT.lnk
[2010-07-15 16:58:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\owner\Bureau\ERUNT.lnk
[2010-07-14 19:02:52 | 000,054,632 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\viewer.png
[2010-07-14 16:47:52 | 007,168,000 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Emancipation_Proclamation_by_Kharizzmatik.doc
[2010-07-13 18:28:55 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\knowing me.doc
[2010-07-12 20:43:09 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\WACover.doc
[2010-07-12 20:04:36 | 005,169,266 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.pdf
[2010-07-12 10:56:59 | 000,148,896 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Bleeding_Cowboys.ttf
[2010-07-12 10:54:32 | 003,345,920 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.doc
[2010-07-10 23:52:01 | 001,655,296 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence (2).doc
[2010-07-10 19:25:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\owner\Mes documents\~$pie de Wide Awake.doc
[2010-07-10 19:25:10 | 005,099,008 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Copie de Wide Awake.doc
[2010-07-10 14:55:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\owner\Mes documents\~$eaking the Silence.doc
[2010-07-07 23:09:02 | 000,137,144 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Untiteled - Simple Plan.pdf
[2010-07-07 23:06:51 | 000,131,115 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\My Decemeber - Linkin Park.pdf
[2010-07-07 23:06:32 | 000,131,115 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\My D.pdf
[2010-07-06 23:24:31 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale NotePad 2008.lnk
[2010-07-06 23:24:31 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Finale NotePad 2008.lnk
[2010-07-06 18:03:21 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Liste Appartement.doc
[2010-07-05 13:12:47 | 003,399,168 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence.doc
[2010-07-05 12:44:54 | 000,450,836 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\TouchingLetters.ttf
[2010-07-02 20:59:08 | 001,837,568 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\With Teeth.doc
[2010-07-02 15:08:54 | 000,017,472 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\hwfont.ttf
[2010-07-01 19:00:47 | 009,397,566 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Graduation & Bal 2010.zip
[2010-07-01 19:00:47 | 005,018,048 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Bal & Graduation 2010 # 2.zip
[2010-06-28 00:45:54 | 005,099,008 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake.doc
[2010-06-27 22:03:19 | 000,030,244 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\edo.ttf
[2010-06-27 22:02:22 | 000,148,896 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Bleeding Cowboys.ttf
[2010-06-24 20:33:54 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_3.bmp
[2010-06-24 20:24:26 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_2.bmp
[2010-06-24 20:08:55 | 004,383,302 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_1.bmp
[2010-06-23 12:40:42 | 000,009,524 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Large.jpg
[2010-06-23 12:40:42 | 000,002,442 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Small.jpg
[2010-06-23 12:40:26 | 000,009,524 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\Folder.jpg
[2010-06-23 12:40:26 | 000,002,442 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\AlbumArtSmall.jpg
[2010-06-23 12:21:09 | 004,036,043 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\01 - Opening.mp3
[2010-06-23 12:18:06 | 003,876,474 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\07 - Wake Up Call.mp3
[2010-06-23 12:17:48 | 003,122,465 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\04 - Tyler.mp3
[2010-06-23 12:16:59 | 007,853,240 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\08 - Craig Worries.mp3
[2010-06-23 12:16:54 | 004,073,152 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\09 - Caroline.mp3
[2010-06-23 12:16:52 | 004,048,311 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\02 - Summer.mp3
[2010-06-23 12:16:49 | 011,629,546 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\10 - Remember Me.mp3
[2010-06-23 12:16:46 | 008,695,581 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\12 - Don't Be A Stranger.mp3
[2010-06-23 12:16:39 | 002,860,532 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\05 - Angry Ride.mp3
[2010-06-23 12:16:35 | 013,603,997 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\06 - Morning Montage.mp3
[2010-06-23 12:16:32 | 005,229,139 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\11 - Subway Ride.mp3
[2010-06-23 12:16:29 | 011,916,161 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\03 - I Know You Can Hear Me.mp3
[2010-06-13 10:14:39 | 000,034,836 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\ProduireSpecimenCheque.pdf
[2010-06-10 10:36:42 | 007,165,952 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\emancipation proclamation.doc
[2010-06-10 10:27:12 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\owner\Menu Démarrer\Programmes\Démarrage\Registration .LNK
[2010-06-09 20:28:49 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\liste apart.doc
[2010-06-08 23:25:07 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\fanfiction list.doc
[2010-06-08 18:47:16 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\fanfic I have in pdf or Word doc.doc
[2010-06-07 16:31:40 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Material Inventory Requisition.doc
[2010-06-05 17:11:31 | 001,881,088 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\LoL.doc
[2010-06-05 17:09:36 | 000,079,751 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\SafeRedirect.aspx
[2010-06-03 14:47:18 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\owner\Mes documents\~$lling for You.rtf
[2010-06-03 10:31:03 | 003,769,096 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Falling for You.rtf
[2010-06-02 23:40:20 | 000,137,623 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Document1.pdf
[2010-06-01 13:06:51 | 001,078,101 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\FD&KK summary.pdf
[2010-05-27 17:29:03 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TweetDeck.lnk
[2010-05-25 18:06:19 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CSI-Hard Evidence.lnk
[2010-05-20 14:30:05 | 000,307,985 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\CV_Carrier_Mc.pdf
[2010-05-20 13:44:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System\cmicnfg.ini
[2010-05-17 15:40:35 | 002,977,117 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Aliens Singing Happy Birthday To You.FLV
[2010-05-09 10:20:46 | 000,229,972 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\bookmarks.html
[2010-04-20 13:52:14 | 000,002,372 | ---- | C] () -- C:\Documents and Settings\owner\.powerupdate.user.properties
[2010-02-27 13:31:51 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010-02-10 21:38:53 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Antidote7.ini
[2009-10-12 11:19:02 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2009-10-03 21:42:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dll
[2009-09-16 20:20:22 | 000,000,350 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-09-14 20:32:20 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2009-09-13 15:53:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-09-13 14:40:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009-09-09 22:00:06 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-03 21:34:51 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009-07-30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008-05-26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006-07-13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2003-08-12 22:26:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003-03-28 14:31:52 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003-03-28 14:31:52 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003-03-28 14:31:46 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003-02-19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========

[2009-12-05 09:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010-05-20 13:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009-09-08 21:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2009-12-24 16:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-07-01 13:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\BitTorrent
[2010-03-21 20:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\BitZipper
[2010-05-06 14:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\CmapTools
[2009-10-04 10:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009-10-12 11:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Druide
[2010-03-21 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\EurekaLog
[2009-12-21 19:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2009-10-04 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\IsolatedStorage
[2010-07-14 14:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\LANCITE
[2010-07-15 14:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\LimeWire
[2009-11-24 12:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Multi File Downloader
[2010-04-26 20:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PhotoFiltre
[2009-10-04 20:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PKWARE
[2010-07-12 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PrimoPDF
[2009-10-04 20:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Symyx
[2009-10-11 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009-12-03 16:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009-10-04 09:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Windows Desktop Search
[2009-10-25 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Windows Search
[2010-07-15 18:11:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9B3CFCB4-0221-49B2-A66B-4EF847C5375B}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-09-02 22:14:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-09-03 21:42:26 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2003-04-24 08:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2009-09-02 22:14:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2001-09-05 21:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2009-09-02 22:14:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-10-31 16:09:10 | 000,009,322 | ---- | M] () -- C:\lopR.txt
[2009-09-02 22:14:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-09-03 21:39:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009-09-09 19:14:34 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010-07-15 16:54:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010-05-31 22:01:07 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010-07-15 15:40:22 | 000,002,648 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_15.07.2010_15.40.18_log.txt
[2010-07-15 15:51:56 | 000,002,648 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_15.07.2010_15.51.54_log.txt
[2003-03-12 13:50:11 | 000,000,140 | -H-- | M] () -- C:\WM800918.bin

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009-09-02 22:14:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-01-25 13:24:04 | 000,286,208 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.dll
[2008-07-06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008-12-08 21:42:48 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008-12-08 21:43:32 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2008-12-08 21:43:34 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009-09-02 17:49:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009-09-02 17:49:57 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009-09-02 17:49:57 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008-04-13 22:33:48 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=E853F84D3CE2FAA2A802E33CF89AC023 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008-04-13 22:33:49 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008-04-13 22:33:49 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=36A608BF354FCC64AD6C0F2B5E2B8806 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 07:02:47

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
-------------------------------------------------------------------------------------------------------------------------


OTL Log (2)-Extras.TXT
----------------------------
OTL Extras logfile created on: 2010-07-15 18:09:22 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\owner\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223,57 Gb Total Space | 178,25 Gb Free Space | 79,73% Space Free | Partition Type: NTFS
Drive D: | 152,66 Gb Total Space | 152,55 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" = C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Multi File Downloader\MultiFileDownloader.exe" = C:\Program Files\Multi File Downloader\MultiFileDownloader.exe:*:Disabled:Multi File Downloader -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\IHMC CmapTools\jre\bin\javaw.exe" = C:\Program Files\IHMC CmapTools\jre\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\QuickTime\QuickTimePlayer.exe" = C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01A50E64-C180-A651-5729-96BF128289D0}" = TweetDeck
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{10CDF671-AA99-4048-AFEF-0B3A209B55FA}" = ATIRW2
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45D228AA-4284-467A-9DB6-942B92BFF656}" = DVDDec
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = SAS10
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+™ for Windows® System - ATI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB}" = MMC86
"{BECEF2E4-0B0B-461A-AE80-CC569F028303}" = Symyx Draw
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D6A48C7F-A0F8-46A5-A1ED-F45A62FE93BF}" = Visuel intégré
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 8.1
"C-Media Audio Driver" = C-Media WDM Audio Driver
"CNXT_MODEM_PCI" = SoftV92 Data Fax Modem
"ERUNT_is1" = ERUNT 1.1j
"Fanfiction Downloader_is1" = Fanfiction Downloader v4.0.3
"Finale NotePad 2008" = Finale NotePad 2008
"ie8" = Windows Internet Explorer 8
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"InstallShield_{10CDF671-AA99-4048-AFEF-0B3A209B55FA}" = ATI Remote Wonder 2.0
"InstallShield_{45D228AA-4284-467A-9DB6-942B92BFF656}" = ATI DVD Decoder 2.2.0.0
"InstallShield_{752CA503-E29F-4610-A1A4-B21CDC58EF8D}" = AuthorScript Engine 1.0
"InstallShield_{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB}" = ATI Multimedia Center 8.6.0.0
"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO
"Le Corps humain" = Le Corps humain
"LimeWire" = LimeWire 5.5.7
"Little Ink Pot's Thredgeholder Plugin_is1" = Thredgeholder Plugin v 1.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# Redistributable Package 2.0
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Revo Uninstaller" = Revo Uninstaller 1.83
"SysInfo" = Creative System Information
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 1.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-06-29 18:49:36 | Computer Name = MCC | Source = Application Error | ID = 1000
Description = Application défaillante acrord32.exe, version 7.0.0.0, module défaillant
acrord32.dll, version 7.0.0.1333, adresse de défaillance 0x00064aad.

Error - 2010-06-29 18:49:51 | Computer Name = MCC | Source = Application Error | ID = 1000
Description = Application défaillante acrord32.exe, version 7.0.0.0, module défaillant
acrord32.dll, version 7.0.0.1333, adresse de défaillance 0x00064aad.

Error - 2010-07-02 20:58:10 | Computer Name = MCC | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 10.0.6856.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-07-02 20:58:46 | Computer Name = MCC | Source = Application Hang | ID = 1001
Description = Détecteur d'erreurs 1553673221.

Error - 2010-07-10 22:10:17 | Computer Name = MCC | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.6856.0, faulting module
hpzui4wm.dll, version 60.63.461.42, fault address 0x001d7e78.

Error - 2010-07-10 22:11:00 | Computer Name = MCC | Source = Microsoft Office 10 | ID = 1001
Description = Fault bucket 1951756440.

Error - 2010-07-13 00:43:44 | Computer Name = MCC | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\MARIE-CLAUDE
CARRIER\MES DOCUMENTS\WIDE AWAKE PRINT.DOC> dans la configuration de hachage. Contexte
: Application , Catalogue SystemIndex Détails : Un périphérique attaché au système
ne fonctionne pas correctement. (0x8007001f)

Error - 2010-07-14 22:54:40 | Computer Name = MCC | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\MARIE-CLAUDE
CARRIER\MES DOCUMENTS\MES IMAGES\ROBSESSED =)\P'S VIDEO\WIDE AWAKE PART 1 COPY.JPG>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 2010-07-15 15:45:17 | Computer Name = MCC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.SONAR.1 in File: c:\documents and settings\marie-claude
carrier\local settings\application data\sfdnnhfcm\aksoumytssd.exe by: TruScan scan.
Action: Leave Alone succeeded. Action Description: The file was left unchanged.



Error - 2010-07-15 15:56:42 | Computer Name = MCC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.SONAR.1 in File: c:\documents and settings\marie-claude
carrier\local settings\application data\sfdnnhfcm\aksoumytssd.exe by: TruScan scan.
Action: Quarantine succeeded. Action Description: The file was quarantined successfully.



[ System Events ]
Error - 2010-07-15 16:39:48 | Computer Name = MCC | Source = Service Control Manager | ID = 7031
Description = Le service Symantec Management Client s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
1000 millisecondes : Redémarrer le service.

Error - 2010-07-15 16:39:49 | Computer Name = MCC | Source = Service Control Manager | ID = 7031
Description = Le service Symantec Event Manager s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
200 millisecondes : Redémarrer le service.

Error - 2010-07-15 16:39:49 | Computer Name = MCC | Source = Service Control Manager | ID = 7031
Description = Le service Symantec Settings Manager s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
100 millisecondes : Redémarrer le service.

Error - 2010-07-15 16:39:55 | Computer Name = MCC | Source = Service Control Manager | ID = 7034
Description = Le service ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## s'est
terminé de façon inattendue pour la 1ème fois.

Error - 2010-07-15 16:39:55 | Computer Name = MCC | Source = Service Control Manager | ID = 7034
Description = Le service Creative Service for CDROM Access s'est terminé de façon
inattendue pour la 1ème fois.

Error - 2010-07-15 16:39:58 | Computer Name = MCC | Source = Service Control Manager | ID = 7034
Description = Le service Machine Debug Manager s'est terminé de façon inattendue
pour la 1ème fois.

Error - 2010-07-15 16:39:58 | Computer Name = MCC | Source = Service Control Manager | ID = 7034
Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
la 1ème fois.

Error - 2010-07-15 16:39:58 | Computer Name = MCC | Source = Service Control Manager | ID = 7031
Description = Le service Symantec Endpoint Protection s'est terminé de manière inattendue.
Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans
10000 millisecondes : Redémarrer le service.

Error - 2010-07-15 18:09:38 | Computer Name = MCC | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 2010-07-15 18:09:38 | Computer Name = MCC | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2


< End of report >
--------------------------------------------------------------------------------------------------------------------------------



ComboFix Log
------------------
ComboFix 10-07-15.03 - Owner 2010-07-16 1:11.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2048.1592 [GMT -4:00]
Lancé depuis: c:\documents and settings\Owner\Bureau\george.exe.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\EurekaLog

Une copie infectée de c:\windows\system32\drivers\pci.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :)
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-16 au 2010-07-16 ))))))))))))))))))))))))))))))))))))
.

2010-07-15 19:06 . 2010-07-15 19:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\sfdnnhfcm
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\windows\XSxS
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\program files\Xenocode
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Xenocode
2010-07-14 18:35 . 2010-07-14 18:35 5147081 ----a-w- c:\documents and settings\Owner\Application Data\LANCITE\ClipShell\ClipShell.exe
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\documents and settings\Owner\Application Data\LANCITE
2010-07-14 05:14 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 03:22 . 2010-07-07 03:22 -------- d-----w- C:\PSFONTS
2010-06-30 14:45 . 2010-07-01 17:08 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2010-06-24 16:04 . 2010-06-24 16:04 -------- d-----w- c:\program files\Fanfiction Downloader

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 04:44 . 2010-07-16 04:07 -------- d-----w- c:\program files\Panda Security
2010-07-16 04:10 . 2010-07-16 03:55 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan
2010-07-15 20:39 . 2003-04-24 12:00 93612 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-15 20:39 . 2003-04-24 12:00 533158 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-15 18:08 . 2009-12-11 00:14 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-07-13 21:42 . 2010-01-10 21:44 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-07-13 00:04 . 2010-02-27 17:34 -------- d-----w- c:\documents and settings\Owner\Application Data\PrimoPDF
2010-07-11 08:38 . 2010-01-31 09:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-10 18:37 . 2009-10-04 13:16 30216 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 16:37 . 2010-03-19 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-23 15:12 . 2009-10-04 14:19 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-06-14 14:31 . 2009-09-03 02:12 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-10 03:22 . 2009-09-13 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC
2010-06-05 14:19 . 2010-06-05 14:19 -------- d-----w- c:\program files\eXpress IP Locator
2010-06-02 23:59 . 2008-06-20 03:12 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-01 02:01 . 2009-10-04 18:01 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI MMC
2010-05-31 20:34 . 2010-07-16 03:55 702120 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 20:34 . 2010-07-16 03:55 868456 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-27 21:29 . 2010-05-27 21:29 -------- d-----w- c:\program files\TweetDeck
2010-05-27 20:18 . 2009-12-21 23:58 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-25 22:02 . 2010-05-25 22:02 -------- d-----w- c:\program files\Ubisoft
2010-05-25 22:02 . 2009-09-04 00:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 22:02 . 2010-05-25 22:02 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2010-05-23 08:38 . 2010-05-23 08:38 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47ea6afe-n\msvcr71.dll
2010-05-23 08:38 . 2010-05-23 08:38 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47ea6afe-n\msvcp71.dll
2010-05-23 08:38 . 2010-05-23 08:38 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47ea6afe-n\jmc.dll
2010-05-23 08:38 . 2010-05-23 08:38 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14af45cc-n\decora-sse.dll
2010-05-23 08:38 . 2010-05-23 08:38 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14af45cc-n\decora-d3d.dll
2010-05-20 17:44 . 2009-10-05 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-05-20 16:11 . 2009-10-04 18:38 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-19 02:09 . 2009-12-19 21:34 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2010-05-09 00:13 . 2010-05-09 00:13 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 10:33 . 2003-04-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:08 . 2003-04-24 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-04-24 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-12-15 21:59 . 2009-12-09 17:17 119312 ----a-w- c:\program files\mozilla firefox\components\facefeaaafc.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"ATI Scheduler"="c:\program files\ATI Multimedia\main\ATISched.EXE" [2003-09-02 41038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"agentantidote.exe"="c:\program files\Druide\Antidote 7\Programmes32\agentantidote.exe" [2010-01-28 617152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

c:\documents and settings\Owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-02 102448]
S2 ffefeebdbafbfcdef;7f84e359da3c257428b190486478ab52;c:\windows\ffefeebdbafbfcdef.exe /s --> c:\windows\ffefeebdbafbfcdef.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
.
Contenu du dossier 'Tâches planifiées'

2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{9B3CFCB4-0221-49B2-A66B-4EF847C5375B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {B44EB6D9-65AA-4F0A-BD38-AC7CC3CD610A} = 192.168.1.1
TCP: {C84135E1-2B42-4B53-BD92-7E3DC1A9806D} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-BHR - c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 01:18
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1180)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2010-07-16 01:20:20
ComboFix-quarantined-files.txt 2010-07-16 05:20

Avant-CF: 191 025 643 520 octets libres
Après-CF: 191 006 396 416 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - ED3200561B5BA6317A48F8C9D9F7A2DA
-----------------------------------------------------------------------------------------------------------------------------------
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
Correct. Some anti-viruses will attack Combofix, which is why we tell you to pause them. Of course, when it reboots the anti-virus comes back on, so you may get a warning from your anti-virus.

Uninstall
"LimeWire" = LimeWire 5.5.7

Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe -- (x10nets)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\ffefeebdbafbfcdef.exe -- (ffefeebdbafbfcdef)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Cmaudio] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
O32 - AutoRun File - [2007-09-14 06:00:36 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007-09-11 08:57:21 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{c87373c9-9800-11de-bf60-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c87373c9-9800-11de-bf60-806d6172696f}\Shell\AutoRun\command - "" = E:\AutoRun/AutoRun.bat -- [2007-09-11 08:57:23 | 000,000,032 | R--- | M] ()
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

:Commands
[purity]
[emptytemp]
[Reboot]
then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\ffefeebdbafbfcdef.exe

Driver::
ffefeebdbafbfcdef
Folder::
c:\documents and settings\Owner\Local Settings\Application Data\sfdnnhfcm

RootKit::
c:\windows\ffefeebdbafbfcdef.exe


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

Run the free on-line scan from Bitdefender:

Copy the next line by highlighting and ctrl + c

http://www.bitdefend...nline/free.html

Close all programs and browsers. Start either IE or Firefox. Then click on the area where you put in the URL and paste (Ctrl + v). The line you copied should appear. Hit Enter. Do not run other programs or tabs while the scan is running. Copy and paste the report you get into a reply.

Ron
  • 0
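The service entries Ron's fix targets above (ComboFix's `S2 ffefeebdbafbfcdef;...;c:\windows\ffefeebdbafbfcdef.exe [?]` line and OTL's `SRV - File not found` lines) can be triaged mechanically. The Python below is an added example, not part of this thread nor code from ComboFix or OTL: it parses those two line formats and flags the traits a malware helper looks for, an image ComboFix could not read on disk (`[?]`), a missing image, a random-looking service name, a bare 32-hex-digit display name, and an executable sitting directly in the Windows root. The line formats and the meaning of `[?]` are inferred from the logs in this thread; the "random name" thresholds are my own, and the healthy Java SRV line in the sample is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# ComboFix service/driver entry (format inferred from the ComboFix log in this thread):
#   <R|S><type> <service name>;<display name>;<image path> [<file info>]
# <file info> is "<date> <size>" when ComboFix could read the image on disk and "?" when
# it could not (assumed meaning, consistent with the hidden-file symptoms in this thread).
CF_SERVICE_RE = re.compile(
    r"^(?P<start>[RS])(?P<type>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

# OTL service entry (format inferred from the OTL lines in this thread):
#   SRV - <detail> [<start type> | <state>] -- <image path> -- (<service name>)
# <detail> is "File not found" for a missing image, otherwise "[<date> | <size> | ...] (<company>)".
OTL_SERVICE_RE = re.compile(
    r"^SRV\s+-\s+(?P<detail>.*?)\s*\[(?P<start>[^|\]]+?)\s*\|\s*(?P<state>[^\]]+?)\]"
    r"\s+--\s+(?P<path>.+?)\s+--\s+\((?P<name>[^)]+)\)\s*$"
)

# A 32-digit lower-case hex string used as a display name (an MD5-sized token, not a product name).
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")

# An executable or driver dropped directly into the Windows root rather than a subfolder.
WINDOWS_ROOT_IMAGE_RE = re.compile(r"^[a-z]:\\windows\\[^\\\s]+\.(exe|dll|sys)\b", re.I)


@dataclass
class Finding:
    tool: str          # "combofix" or "otl"
    name: str          # service name as printed in the log
    path: str          # image path as printed in the log
    reasons: List[str]


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated service names (thresholds chosen by me, not by either tool):
    a long alphabetic name with almost no vowels, or one built only from the hex letters a-f."""
    n = name.lower()
    if len(n) < 8 or not n.isalpha():
        return False
    vowel_ratio = sum(c in "aeiouy" for c in n) / len(n)
    hex_only = set(n) <= set("abcdef") and len(n) >= 10
    return vowel_ratio < 0.2 or hex_only


def triage_combofix_service(line: str) -> Optional[Finding]:
    """Return a Finding for a ComboFix service line with suspicious traits, else None."""
    m = CF_SERVICE_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if m["info"].strip() == "?":
        reasons.append("image could not be read on disk ([?])")
    if looks_random(m["name"]):
        reasons.append("random-looking service name")
    if HEX32_RE.match(m["display"].strip()):
        reasons.append("display name is a bare 32-hex-digit string")
    if WINDOWS_ROOT_IMAGE_RE.match(m["path"]):
        reasons.append("image sits directly in the Windows root")
    return Finding("combofix", m["name"], m["path"], reasons) if reasons else None


def triage_otl_service(line: str) -> Optional[Finding]:
    """Return a Finding for an OTL SRV line with suspicious traits, else None."""
    m = OTL_SERVICE_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if m["detail"].startswith("File not found"):
        reasons.append("service image missing on disk (File not found)")
    if looks_random(m["name"]):
        reasons.append("random-looking service name")
    if WINDOWS_ROOT_IMAGE_RE.match(m["path"]):
        reasons.append("image sits directly in the Windows root")
    return Finding("otl", m["name"], m["path"], reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run both parsers over every line; most-flagged entries first (stable for ties)."""
    findings = []
    for line in text.splitlines():
        f = triage_combofix_service(line) or triage_otl_service(line)
        if f:
            findings.append(f)
    return sorted(findings, key=lambda f: -len(f.reasons))


# Sample input: service lines copied from the ComboFix and OTL logs in this thread, plus one
# constructed healthy OTL line (JavaQuickStarterService) modelled on the PRC entries in the OTL log.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
S2 ffefeebdbafbfcdef;7f84e359da3c257428b190486478ab52;c:\windows\ffefeebdbafbfcdef.exe /s --> c:\windows\ffefeebdbafbfcdef.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe -- (x10nets)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\ffefeebdbafbfcdef.exe -- (ffefeebdbafbfcdef)
SRV - [2010-01-11 16:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe -- (JavaQuickStarterService)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.tool}] {f.name}: {'; '.join(f.reasons)}")
```

A name that trips only one heuristic (x10nets, whose image is merely gone after an uninstall) still needs a human look; the value is in how many traits stack up on one entry.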

#5
rktac

rktac

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi!
Again, thank you for your help.

I followed the steps you indicated:

1) I uninstalled LimeWire with Revo Uninstaller (Recommended by the PC World magazine)
2) I ran OTL with the code you provided - See the log below
3) I ran the OTL quick scan - See the log below
4) I made the Notepad document with the text you provided, and ran ComboFix by dragging the aforementioned files on George.exe - See the log below (my computer restarted automatically while ComboFix was running, is that normal?)
5) I ran the BitDefender Online scan - See the log below



OTL log - the one after I used the code you provided
-----------------------------------------------------------------
All processes killed
========== OTL ==========
Service x10nets stopped successfully!
Service x10nets deleted successfully!
File C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service ffefeebdbafbfcdef stopped successfully!
Service ffefeebdbafbfcdef deleted successfully!
File C:\WINDOWS\ffefeebdbafbfcdef.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cmaudio not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c87373c9-9800-11de-bf60-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c87373c9-9800-11de-bf60-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c87373c9-9800-11de-bf60-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c87373c9-9800-11de-bf60-806d6172696f}\ not found.
File move failed. E:\AutoRun/AutoRun.bat scheduled to be moved on reboot.
HidServ removed from NetSvcs value successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jocelyne Houle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: owner

User: owner
->Temp folder emptied: 151022 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 79946400 bytes
->Flash cache emptied: 1348 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 615 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07162010_105449

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\AutoRun/AutoRun.bat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


--------------------------------------------------------------------------------------------





OTL Log - Quick Scan
-----------------------------
OTL logfile created on: 2010-07-16 11:02:44 - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\owner\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223,57 Gb Total Space | 178,00 Gb Free Space | 79,62% Space Free | Partition Type: NTFS
Drive D: | 152,66 Gb Total Space | 152,55 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive E: | 1,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCC
Current User Name: owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-07-16 10:53:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
PRC - [2010-01-27 23:16:02 | 000,617,152 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe
PRC - [2010-01-11 16:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2008-12-08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008-12-08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008-12-08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008-08-14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2008-08-14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
PRC - [2008-05-26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-11-20 22:12:27 | 003,297,280 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2007-11-06 12:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
PRC - [2007-07-17 12:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2004-12-14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003-09-02 06:42:40 | 000,041,038 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\AtiSched.exe
PRC - [2003-06-20 03:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2010-07-16 10:53:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
MOD - [2008-04-13 22:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009-12-03 18:36:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-12-08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008-12-08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008-12-08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008-08-14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008-08-14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008-06-30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2003-06-20 03:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010-07-14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100715.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010-07-14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20100715.003\NAVENG.SYS -- (NAVENG)
DRV - [2010-06-02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010-05-27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010-05-27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010-02-17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009-09-03 22:42:30 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008-12-08 21:45:28 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008-12-08 21:43:46 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008-11-18 18:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008-10-14 11:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008-10-13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008-10-13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008-10-13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008-08-21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008-08-21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008-06-16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008-04-13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008-04-13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008-03-06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007-07-28 02:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2004-08-04 01:31:34 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003-08-26 16:25:14 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003-08-26 16:24:06 | 000,675,840 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003-08-26 16:22:34 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003-08-12 22:34:28 | 000,594,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003-08-06 17:44:24 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003-08-06 17:44:11 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003-08-06 17:41:07 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003-08-06 17:39:59 | 000,063,488 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003-08-06 17:39:05 | 000,051,712 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003-08-06 17:35:20 | 000,056,832 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2003-07-14 09:49:04 | 000,254,868 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
DRV - [2003-03-25 17:50:46 | 000,004,096 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002-11-06 05:48:34 | 000,136,448 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
DRV - [2002-10-17 15:14:46 | 000,049,024 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002-08-20 17:19:08 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2001-08-17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001-08-17 16:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 16:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 16:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 16:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 16:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 16:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 16:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 16:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 16:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 31 E5 BE F8 44 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.38
FF - prefs.js..extensions.enabledItems: [email protected]:1.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-06-28 10:59:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-07-15 16:04:27 | 000,000,000 | ---D | M]

[2009-12-26 15:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
[2009-12-21 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\[email protected]
[2010-07-16 02:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions
[2010-04-27 19:33:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-04-20 17:52:54 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2010-01-06 18:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\[email protected]
[2010-05-13 11:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\[email protected]
[2010-07-16 02:14:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-12-15 17:59:21 | 000,119,312 | ---- | M] (none) -- C:\Program Files\Mozilla Firefox\components\facefeaaafc.dll
[2010-01-15 21:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-01-15 21:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-01-15 21:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-01-15 21:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-03-23 22:05:14 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2003-04-24 08:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\AtiSched.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\owner\Menu Démarrer\Programmes\Démarrage\Registration .LNK = C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (ATI Technologies Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252027187253 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-02 22:14:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-09-14 06:00:36 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007-09-11 08:57:21 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010-07-16 10:54:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-07-16 10:54:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-07-16 10:53:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
[2010-07-16 01:05:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-07-16 01:02:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-07-16 01:02:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-07-16 01:02:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-07-16 01:02:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-07-16 01:02:21 | 000,000,000 | ---D | C] -- C:\george.exe
[2010-07-16 01:01:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-07-16 00:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010-07-15 23:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\QuickScan
[2010-07-15 17:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010-07-15 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010-07-15 16:59:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-07-15 15:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\sfdnnhfcm
[2010-07-14 14:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
[2010-07-14 14:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2010-07-14 14:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Xenocode
[2010-07-14 14:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\LANCITE
[2010-07-13 17:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Music for Tamie
[2010-07-06 23:22:00 | 000,000,000 | ---D | C] -- C:\PSFONTS
[2010-06-24 12:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Fanfiction Downloader
[2010-06-23 12:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Downloads
[2010-06-05 10:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\eXpress IP Locator
[2010-06-02 10:59:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Photos à faire développer
[2010-05-27 17:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010-05-27 12:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\Pauline Playlist
[2010-05-26 16:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\23 mai 2010-2
[2010-05-26 16:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Mes documents\23 mai 2010-1
[2010-05-25 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010-05-25 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\InstallShield
[2010-05-17 09:57:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010-05-05 19:45:44 | 000,517,632 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010-04-26 20:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\PhotoFiltre
[2010-04-20 13:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\CmapTools
[2010-04-20 13:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\CmapToolsLogs
[2010-04-20 13:50:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010-04-20 13:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\IHMC CmapTools
[2010-04-20 13:49:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\owner\InstallAnywhere

========== Files - Modified Within 90 Days ==========

[2010-07-16 11:06:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9B3CFCB4-0221-49B2-A66B-4EF847C5375B}.job
[2010-07-16 10:59:59 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-16 10:57:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-16 10:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-16 10:55:06 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\owner\NTUSER.DAT
[2010-07-16 10:55:06 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
[2010-07-16 10:54:53 | 000,533,158 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010-07-16 10:54:53 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-07-16 10:54:53 | 000,093,612 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010-07-16 10:54:53 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-07-16 10:54:52 | 001,154,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-07-16 10:53:40 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\Bureau\OTL.exe
[2010-07-16 01:18:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-16 01:05:31 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010-07-16 00:58:57 | 003,737,805 | R--- | M] () -- C:\Documents and Settings\owner\Bureau\george.exe.exe
[2010-07-16 00:34:08 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\owner\Bureau\Revo Uninstaller.lnk
[2010-07-15 13:39:44 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\fanfic I have in pdf or Word doc.doc
[2010-07-15 10:45:47 | 003,399,168 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence.doc
[2010-07-14 19:02:53 | 000,054,632 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\viewer.png
[2010-07-14 17:05:53 | 007,168,000 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Emancipation_Proclamation_by_Kharizzmatik.doc
[2010-07-14 16:47:27 | 007,165,952 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\emancipation proclamation.doc
[2010-07-14 03:00:33 | 000,000,613 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-13 23:30:39 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\knowing me.doc
[2010-07-13 20:22:24 | 009,218,986 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\twilight Neutron Star Collision (Love is Forever).MP3
[2010-07-13 20:22:24 | 009,021,981 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\01 - Metric - Eclipse (All Yours).mp3
[2010-07-13 13:09:29 | 003,664,224 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\David Usher - Black Black Heart.mp3
[2010-07-13 02:09:27 | 004,620,981 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Tchaikovsky - Symphony No. 8 (Third Movement) (Mozart,Bach,Beethoven,Chopin,Brahms,Handel,Vivaldi,Strauss,Grieg,Tchaikovsky).mp3
[2010-07-13 02:09:21 | 004,574,201 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Chopin - Nocturne for Piano No 9.mp3
[2010-07-13 01:33:52 | 003,345,920 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.doc
[2010-07-12 21:06:00 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\WACover.doc
[2010-07-12 20:04:36 | 005,169,266 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.pdf
[2010-07-11 04:38:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-07-10 23:52:04 | 001,655,296 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence (2).doc
[2010-07-10 19:25:11 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\owner\Mes documents\~$pie de Wide Awake.doc
[2010-07-10 19:25:02 | 005,099,008 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake.doc
[2010-07-10 19:25:02 | 005,099,008 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Copie de Wide Awake.doc
[2010-07-10 19:05:10 | 000,030,216 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\GDIPFONTCACHEV1.DAT
[2010-07-10 14:55:17 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\owner\Mes documents\~$eaking the Silence.doc
[2010-07-10 14:37:45 | 000,030,216 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-07-10 14:37:27 | 000,001,189 | ---- | M] () -- C:\Documents and Settings\owner\Menu Démarrer\Programmes\Démarrage\Registration .LNK
[2010-07-10 14:36:43 | 001,452,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-08 17:33:52 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\fanfiction list.doc
[2010-07-07 23:09:02 | 000,137,144 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Untiteled - Simple Plan.pdf
[2010-07-07 23:06:51 | 000,131,115 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\My Decemeber - Linkin Park.pdf
[2010-07-07 23:06:33 | 000,131,115 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\My D.pdf
[2010-07-06 18:03:21 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Liste Appartement.doc
[2010-07-02 21:46:11 | 001,837,568 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\With Teeth.doc
[2010-07-01 19:00:38 | 005,018,048 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Bal & Graduation 2010 # 2.zip
[2010-07-01 19:00:35 | 009,397,566 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Graduation & Bal 2010.zip
[2010-07-01 14:23:13 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-24 20:33:54 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_3.bmp
[2010-06-24 20:24:27 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_2.bmp
[2010-06-24 20:08:55 | 004,383,302 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_1.bmp
[2010-06-23 15:35:38 | 003,490,038 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\15-howard_shore-jacob's_theme.mp3
[2010-06-23 15:19:20 | 000,009,524 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\Folder.jpg
[2010-06-23 15:19:20 | 000,002,442 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\AlbumArtSmall.jpg
[2010-06-23 12:41:14 | 004,036,043 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\01 - Opening.mp3
[2010-06-23 12:40:42 | 000,009,524 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Large.jpg
[2010-06-23 12:40:42 | 000,002,442 | -HS- | M] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Small.jpg
[2010-06-23 12:35:57 | 013,603,997 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\06 - Morning Montage.mp3
[2010-06-23 12:35:55 | 011,916,161 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\03 - I Know You Can Hear Me.mp3
[2010-06-23 12:35:51 | 011,629,546 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\10 - Remember Me.mp3
[2010-06-23 12:35:48 | 004,048,311 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\02 - Summer.mp3
[2010-06-23 12:35:45 | 004,073,152 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\09 - Caroline.mp3
[2010-06-23 12:35:43 | 007,853,240 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\08 - Craig Worries.mp3
[2010-06-23 12:35:40 | 008,695,581 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\12 - Don't Be A Stranger.mp3
[2010-06-23 12:35:26 | 005,229,139 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\11 - Subway Ride.mp3
[2010-06-23 12:35:18 | 003,876,474 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\07 - Wake Up Call.mp3
[2010-06-23 12:34:03 | 002,860,532 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\05 - Angry Ride.mp3
[2010-06-23 12:33:46 | 003,122,465 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\04 - Tyler.mp3
[2010-06-13 10:14:39 | 000,034,836 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\ProduireSpecimenCheque.pdf
[2010-06-11 03:15:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-09 20:28:49 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\liste apart.doc
[2010-06-07 17:04:00 | 000,320,512 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Material Inventory Requisition.doc
[2010-06-07 12:33:03 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\CV_Carrier_Mc.doc
[2010-06-07 00:45:57 | 003,769,096 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Falling for You.rtf
[2010-06-05 17:11:31 | 001,881,088 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\LoL.doc
[2010-06-05 17:09:37 | 000,079,751 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\SafeRedirect.aspx
[2010-06-03 14:47:18 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\owner\Mes documents\~$lling for You.rtf
[2010-06-02 23:40:22 | 000,137,623 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Document1.pdf
[2010-06-02 19:59:06 | 000,161,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010-06-01 13:06:51 | 001,078,101 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\FD&KK summary.pdf
[2010-05-31 22:01:07 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010-05-27 17:29:03 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TweetDeck.lnk
[2010-05-25 18:07:28 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CSI-Hard Evidence.lnk
[2010-05-22 09:42:55 | 000,307,985 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\CV_Carrier_Mc.pdf
[2010-05-20 13:44:13 | 000,000,035 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010-05-17 15:41:11 | 002,977,117 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\Aliens Singing Happy Birthday To You.FLV
[2010-05-09 10:20:47 | 000,229,972 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\bookmarks.html
[2010-05-03 14:09:00 | 000,450,836 | ---- | M] () -- C:\Documents and Settings\owner\Mes documents\TouchingLetters.ttf
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-20 13:52:16 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\owner\.powerupdate.user.properties

========== Files Created - No Company Name ==========

[2010-07-16 10:50:48 | 004,574,201 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Chopin - Nocturne for Piano No 9.mp3
[2010-07-16 10:50:47 | 003,664,224 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\David Usher - Black Black Heart.mp3
[2010-07-16 10:50:47 | 003,490,038 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\15-howard_shore-jacob's_theme.mp3
[2010-07-16 10:50:46 | 009,218,986 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\twilight Neutron Star Collision (Love is Forever).MP3
[2010-07-16 10:50:46 | 009,021,981 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\01 - Metric - Eclipse (All Yours).mp3
[2010-07-16 10:50:46 | 004,620,981 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Tchaikovsky - Symphony No. 8 (Third Movement) (Mozart,Bach,Beethoven,Chopin,Brahms,Handel,Vivaldi,Strauss,Grieg,Tchaikovsky).mp3
[2010-07-16 01:05:30 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010-07-16 01:05:27 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010-07-16 01:02:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-07-16 01:02:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-07-16 01:02:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-07-16 01:02:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-07-16 01:02:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-07-16 00:58:50 | 003,737,805 | R--- | C] () -- C:\Documents and Settings\owner\Bureau\george.exe.exe
[2010-07-14 19:02:52 | 000,054,632 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\viewer.png
[2010-07-14 16:47:52 | 007,168,000 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Emancipation_Proclamation_by_Kharizzmatik.doc
[2010-07-13 18:28:55 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\knowing me.doc
[2010-07-12 20:43:09 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\WACover.doc
[2010-07-12 20:04:36 | 005,169,266 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.pdf
[2010-07-12 10:56:59 | 000,148,896 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Bleeding_Cowboys.ttf
[2010-07-12 10:54:32 | 003,345,920 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake print.doc
[2010-07-10 23:52:01 | 001,655,296 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence (2).doc
[2010-07-10 19:25:11 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\owner\Mes documents\~$pie de Wide Awake.doc
[2010-07-10 19:25:10 | 005,099,008 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Copie de Wide Awake.doc
[2010-07-10 14:55:17 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\owner\Mes documents\~$eaking the Silence.doc
[2010-07-07 23:09:02 | 000,137,144 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Untiteled - Simple Plan.pdf
[2010-07-07 23:06:51 | 000,131,115 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\My Decemeber - Linkin Park.pdf
[2010-07-07 23:06:32 | 000,131,115 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\My D.pdf
[2010-07-06 18:03:21 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Liste Appartement.doc
[2010-07-05 13:12:47 | 003,399,168 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Breaking the Silence.doc
[2010-07-05 12:44:54 | 000,450,836 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\TouchingLetters.ttf
[2010-07-02 20:59:08 | 001,837,568 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\With Teeth.doc
[2010-07-02 15:08:54 | 000,017,472 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\hwfont.ttf
[2010-07-01 19:00:47 | 009,397,566 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Graduation & Bal 2010.zip
[2010-07-01 19:00:47 | 005,018,048 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Bal & Graduation 2010 # 2.zip
[2010-06-28 00:45:54 | 005,099,008 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Wide Awake.doc
[2010-06-27 22:03:19 | 000,030,244 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\edo.ttf
[2010-06-27 22:02:22 | 000,148,896 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Bleeding Cowboys.ttf
[2010-06-24 20:33:54 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_3.bmp
[2010-06-24 20:24:26 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_2.bmp
[2010-06-24 20:08:55 | 004,383,302 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Demande_bourse_1.bmp
[2010-06-23 12:40:42 | 000,009,524 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Large.jpg
[2010-06-23 12:40:42 | 000,002,442 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\AlbumArt_{6F9F218C-AD7B-4640-9754-DB6655C349C9}_Small.jpg
[2010-06-23 12:40:26 | 000,009,524 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\Folder.jpg
[2010-06-23 12:40:26 | 000,002,442 | -HS- | C] () -- C:\Documents and Settings\owner\Mes documents\AlbumArtSmall.jpg
[2010-06-23 12:21:09 | 004,036,043 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\01 - Opening.mp3
[2010-06-23 12:18:06 | 003,876,474 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\07 - Wake Up Call.mp3
[2010-06-23 12:17:48 | 003,122,465 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\04 - Tyler.mp3
[2010-06-23 12:16:59 | 007,853,240 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\08 - Craig Worries.mp3
[2010-06-23 12:16:54 | 004,073,152 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\09 - Caroline.mp3
[2010-06-23 12:16:52 | 004,048,311 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\02 - Summer.mp3
[2010-06-23 12:16:49 | 011,629,546 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\10 - Remember Me.mp3
[2010-06-23 12:16:46 | 008,695,581 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\12 - Don't Be A Stranger.mp3
[2010-06-23 12:16:39 | 002,860,532 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\05 - Angry Ride.mp3
[2010-06-23 12:16:35 | 013,603,997 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\06 - Morning Montage.mp3
[2010-06-23 12:16:32 | 005,229,139 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\11 - Subway Ride.mp3
[2010-06-23 12:16:29 | 011,916,161 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\03 - I Know You Can Hear Me.mp3
[2010-06-13 10:14:39 | 000,034,836 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\ProduireSpecimenCheque.pdf
[2010-06-10 10:36:42 | 007,165,952 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\emancipation proclamation.doc
[2010-06-10 10:27:12 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\owner\Menu Démarrer\Programmes\Démarrage\Registration .LNK
[2010-06-09 20:28:49 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\liste apart.doc
[2010-06-08 23:25:07 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\fanfiction list.doc
[2010-06-08 18:47:16 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\fanfic I have in pdf or Word doc.doc
[2010-06-07 16:31:40 | 000,320,512 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Material Inventory Requisition.doc
[2010-06-05 17:11:31 | 001,881,088 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\LoL.doc
[2010-06-05 17:09:36 | 000,079,751 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\SafeRedirect.aspx
[2010-06-03 14:47:18 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\owner\Mes documents\~$lling for You.rtf
[2010-06-03 10:31:03 | 003,769,096 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Falling for You.rtf
[2010-06-02 23:40:20 | 000,137,623 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Document1.pdf
[2010-06-01 13:06:51 | 001,078,101 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\FD&KK summary.pdf
[2010-05-27 17:29:03 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TweetDeck.lnk
[2010-05-25 18:06:19 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CSI-Hard Evidence.lnk
[2010-05-20 14:30:05 | 000,307,985 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\CV_Carrier_Mc.pdf
[2010-05-20 13:44:13 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System\cmicnfg.ini
[2010-05-17 15:40:35 | 002,977,117 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\Aliens Singing Happy Birthday To You.FLV
[2010-05-09 10:20:46 | 000,229,972 | ---- | C] () -- C:\Documents and Settings\owner\Mes documents\bookmarks.html
[2010-04-20 13:52:14 | 000,002,372 | ---- | C] () -- C:\Documents and Settings\owner\.powerupdate.user.properties
[2010-02-27 13:31:51 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010-02-10 21:38:53 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Antidote7.ini
[2009-10-12 11:19:02 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2009-10-03 21:42:31 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\hppapr02.dll
[2009-09-16 20:20:22 | 000,000,350 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009-09-14 20:32:20 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2009-09-13 15:53:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-09-13 14:40:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009-09-09 22:00:06 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-09-03 21:34:51 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009-07-30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008-05-26 22:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 22:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 22:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006-07-13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2003-08-12 22:26:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003-03-28 14:31:52 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003-03-28 14:31:52 | 000,013,601 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003-03-28 14:31:46 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003-02-19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========

[2009-12-05 09:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010-05-20 13:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009-09-08 21:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2009-12-24 16:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-05-06 14:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\CmapTools
[2009-10-04 10:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009-10-12 11:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Druide
[2009-12-21 19:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\GetRightToGo
[2009-10-04 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\IsolatedStorage
[2010-07-14 14:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\LANCITE
[2009-11-24 12:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Multi File Downloader
[2010-04-26 20:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PhotoFiltre
[2009-10-04 20:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PKWARE
[2010-07-12 20:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\PrimoPDF
[2010-07-16 02:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\QuickScan
[2009-10-04 20:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Symyx
[2009-10-11 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009-12-03 16:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009-10-04 09:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Windows Desktop Search
[2009-10-25 14:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Windows Search
[2010-07-16 11:06:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9B3CFCB4-0221-49B2-A66B-4EF847C5375B}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

----------------------------------------------------------------------------------------------------------------







ComboFix Log - Used with the code you provided
------------------------------------------------
ComboFix 10-07-15.03 - owner 2010-07-16 11:12:06.2.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.2048.1539 [GMT -4:00]
Lancé depuis: c:\documents and settings\owner\Bureau\george.exe.exe
Commutateurs utilisés :: c:\documents and settings\owner\Bureau\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\ffefeebdbafbfcdef.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\owner\Local Settings\Application Data\sfdnnhfcm

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-06-16 au 2010-07-16 ))))))))))))))))))))))))))))))))))))
.

2010-07-16 14:54 . 2010-07-16 14:54 -------- d-----w- C:\_OTL
2010-07-16 05:02 . 2010-07-16 05:20 -------- d-----w- C:\george.exe
2010-07-16 04:07 . 2010-07-16 04:44 -------- d-----w- c:\program files\Panda Security
2010-07-16 03:55 . 2010-07-16 06:13 -------- d-----w- c:\documents and settings\owner\Application Data\QuickScan
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\windows\XSxS
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\program files\Xenocode
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Xenocode
2010-07-14 18:35 . 2010-07-14 18:35 5147081 ----a-w- c:\documents and settings\owner\Application Data\LANCITE\ClipShell\ClipShell.exe
2010-07-14 18:35 . 2010-07-14 18:35 -------- d-----w- c:\documents and settings\owner\Application Data\LANCITE
2010-07-14 05:14 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 03:22 . 2010-07-07 03:22 -------- d-----w- C:\PSFONTS
2010-06-24 16:04 . 2010-06-24 16:04 -------- d-----w- c:\program files\Fanfiction Downloader

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 14:54 . 2003-04-24 12:00 93612 ----a-w- c:\windows\system32\perfc00C.dat
2010-07-16 14:54 . 2003-04-24 12:00 533158 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-13 21:42 . 2010-01-10 21:44 -------- d-----w- c:\documents and settings\owner\Application Data\vlc
2010-07-13 00:04 . 2010-02-27 17:34 -------- d-----w- c:\documents and settings\owner\Application Data\PrimoPDF
2010-07-11 08:38 . 2010-01-31 09:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-10 18:37 . 2009-10-04 13:16 30216 ----a-w- c:\documents and settings\owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 16:37 . 2010-03-19 23:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-23 15:12 . 2009-10-04 14:19 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR
2010-06-14 14:31 . 2009-09-03 02:12 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-10 03:22 . 2009-09-13 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI MMC
2010-06-05 14:19 . 2010-06-05 14:19 -------- d-----w- c:\program files\eXpress IP Locator
2010-06-02 23:59 . 2008-06-20 03:12 161920 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-01 02:01 . 2009-10-04 18:01 -------- d-----w- c:\documents and settings\owner\Application Data\ATI MMC
2010-05-27 21:29 . 2010-05-27 21:29 -------- d-----w- c:\program files\TweetDeck
2010-05-27 20:18 . 2009-12-21 23:58 117760 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-25 22:02 . 2010-05-25 22:02 -------- d-----w- c:\program files\Ubisoft
2010-05-25 22:02 . 2009-09-04 00:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 22:02 . 2010-05-25 22:02 -------- d-----w- c:\documents and settings\owner\Application Data\InstallShield
2010-05-23 08:38 . 2010-05-23 08:38 348160 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47ea6afe-n\msvcr71.dll
2010-05-23 08:38 . 2010-05-23 08:38 503808 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47ea6afe-n\msvcp71.dll
2010-05-23 08:38 . 2010-05-23 08:38 499712 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-47ea6afe-n\jmc.dll
2010-05-23 08:38 . 2010-05-23 08:38 61440 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14af45cc-n\decora-sse.dll
2010-05-23 08:38 . 2010-05-23 08:38 12800 ----a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-14af45cc-n\decora-d3d.dll
2010-05-20 17:44 . 2009-10-05 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2010-05-20 16:11 . 2009-10-04 18:38 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-19 02:09 . 2009-12-19 21:34 -------- d-----w- c:\documents and settings\owner\Application Data\dvdcss
2010-05-09 00:13 . 2010-05-09 00:13 52224 ----a-w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-06 10:33 . 2003-04-24 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:08 . 2003-04-24 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2003-04-24 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-12-15 21:59 . 2009-12-09 17:17 119312 ----a-w- c:\program files\mozilla firefox\components\facefeaaafc.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((( [email protected]_05.18.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-16 15:20 . 2010-07-16 15:20 16384 c:\windows\temp\Perflib_Perfdata_7b8.dat
+ 2003-04-24 12:00 . 2010-07-16 14:54 71196 c:\windows\system32\perfc009.dat
- 2003-04-24 12:00 . 2010-07-15 20:39 71196 c:\windows\system32\perfc009.dat
+ 2003-04-24 12:00 . 2010-07-16 14:54 441260 c:\windows\system32\perfh009.dat
- 2003-04-24 12:00 . 2010-07-15 20:39 441260 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"ATI Scheduler"="c:\program files\ATI Multimedia\main\ATISched.EXE" [2003-09-02 41038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-13 335872]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-01-11 246504]
"agentantidote.exe"="c:\program files\Druide\Antidote 7\Programmes32\agentantidote.exe" [2010-01-28 617152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

c:\documents and settings\owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

c:\documents and settings\owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

c:\documents and settings\owner\Menu D‚marrer\Programmes\D‚marrage\
Registration .LNK - c:\program files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe [2010-5-25 962560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-02 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
.
Contenu du dossier 'Tâches planifiées'

2010-07-16 c:\windows\Tasks\User_Feed_Synchronization-{9B3CFCB4-0221-49B2-A66B-4EF847C5375B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {B44EB6D9-65AA-4F0A-BD38-AC7CC3CD610A} = 192.168.1.1
TCP: {C84135E1-2B42-4B53-BD92-7E3DC1A9806D} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 11:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2992)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Fichiers communs\Symantec Shared\ccSvcHst.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
.
**************************************************************************
.
Heure de fin: 2010-07-16 11:30:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-07-16 15:30
ComboFix2.txt 2010-07-16 05:20

Avant-CF: 191 102 537 728 octets libres
Après-CF: 191 087 939 584 octets libres

- - End Of File - - 6BAA0E07188BAF5868230C9C4C261343

---------------------------------------------------------------------------------------------------------------





BitDefender Log
-------------------
QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Fri Jul 16 11:33:43 2010
Machine ID: 94D729D6

C:\Program Files\Mozilla Firefox - could not be accessed


No infection found.
-------------------



Processes
---------
<unsigned> ATI Multimedia Center 1864 C:\Program Files\ATI Multimedia\main\ATISched.EXE
<unsigned> Creative Media Explorer Detector 3112 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
<unsigned> Creative Sync Manager 1308 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
<unsigned> Google Talk 2276 C:\Program Files\Google\Google Talk\googletalk.exe

<verified> AgentAntidote 3952 C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe
<verified> ATI Desktop Component 3184 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
<verified> Ati2evxx.exe 1412 C:\WINDOWS\system32\Ati2evxx.exe
<verified> Ati2evxx.exe 3352 C:\WINDOWS\system32\Ati2evxx.exe
<verified> Bonjour 928 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Creative Service for CDROM Access 1908 C:\WINDOWS\system32\CTsvcCDA.exe
<verified> Firefox 1132 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> Java™ Platform SE 6 U18 1976 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE Auto Updater 2 0 3896 C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
<verified> Microsoft® Visual Studio .NET 152 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
<verified> Microsoft® Windows® Operating System 3180 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
<verified> Microsoft® Windows® Operating System 2532 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 1152 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 1244 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 864 C:\WINDOWS\system32\SearchIndexer.exe
<verified> Microsoft® Windows® Operating System 1056 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1964 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2028 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 496 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 724 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1432 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1484 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1680 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1716 C:\WINDOWS\system32\svchost.exe
<verified> Symantec AntiVirus 588 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
<verified> Symantec Client Management Component 1924 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
<verified> Symantec Client Management Component 3452 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
<verified> Symantec Security Technologies 3140 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
<verified> Symantec Security Technologies 572 C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
<verified> Système d'exploitation Microsoft® Windo 2992 C:\WINDOWS\explorer.exe
<verified> Système d'exploitation Microsoft® Windo 1232 C:\WINDOWS\system32\services.exe
<verified> Système d'exploitation Microsoft® Windo 1096 C:\WINDOWS\System32\smss.exe
<verified> Système d'exploitation Microsoft® Windo 2412 C:\WINDOWS\System32\wbem\wmiapsrv.exe
<verified> Système d'exploitation Microsoft® Windo 1188 C:\WINDOWS\system32\winlogon.exe
<verified> Windows Live Messenger 4008 C:\Program Files\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process firefox.exe (1132) connected on port 80 (HTTP) --> a69-192-28-20.deploy.akamaitechnologies.com
Process firefox.exe (1132) connected on port 80 (HTTP) --> iad04s01-in-f101.1e100.net
Process firefox.exe (1132) connected on port 80 (HTTP) --> a69-192-21-115.deploy.akamaitechnologies.com

Process svchost.exe (1484) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> ATI Multimedia Center C:\Program Files\ATI Multimedia\main\ATISched.EXE
<unsigned> autorun.bat E:\autorun/autorun.bat
<unsigned> Creative Media Explorer Detector C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
<unsigned> Creative Sync Manager C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
<unsigned> Google Talk C:\Program Files\Google\Google Talk\googletalk.exe
<unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe
<unsigned> RegistrationReminder Application C:\Program Files\Ubisoft\Telltale Games\CSI-Hard Evidence\Register\RegistrationReminder.exe
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

<verified> Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<verified> AgentAntidote C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe
<verified> ATI 2D Component C:\WINDOWS\system32\Ati2mdxx.exe
<verified> ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
<verified> ati2evxx.dll C:\WINDOWS\system32\ati2evxx.dll
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
<verified> Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Desktop Search\WindowsSearch.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<verified> Symantec Security Technologies C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\browseui.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\crypt32.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\cscdll.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\logonui.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\sclgntfy.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\shell32.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\stobject.dll
<verified> Système d'exploitation Microsoft® Windo c:\windows\system32\userinit.exe
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\wlnotify.dll
<verified> Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
<verified> Windows® Search C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll


Browser plugins
---------------
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

<verified> AcroIEHelper Library c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\xms838h3.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<verified> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft® Windows Live Login Helper c:\program files\fichiers communs\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Système d'exploitation Microsoft® Windo C:\WINDOWS\system32\mswsock.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.02 MB sent, 0.42 KB recvd
Scanned 939 files and modules - 48 seconds

==============================================================================
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
Your Combofix log looks much better now. BitDefender says what it can see is clean but for some strange reason it can't see inside the C:\Program Files\Mozilla Firefox folder. This is very suspicious. I would verify that IE works then uninstall Firefox then delete the folder C:\Program Files\Mozilla Firefox. Reboot then reinstall Firefox and rerun the BitDefender scan and copy and paste the results.

Other than that it looks pretty clean now. How is it running? Is Norton/Symantec happy?

Ron
  • 0
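Ron's point above, that a scanner reporting "clean" while it cannot read a whole program folder is not a clean result, can be checked mechanically. The parser below is an added example, not part of the original thread and not BitDefender's code: it walks QuickScan-style output in the layout posted above and flags inaccessible paths, unsigned processes and autoruns, and missing files still referenced from the registry. The sample log lines are constructed in that format, with illustrative paths.

```python
"""Triage a BitDefender QuickScan-style log (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Finding:
    section: str
    kind: str        # "inaccessible", "unsigned" or "missing_file"
    path: str
    note: str = ""

# Log shape as posted above: "<unsigned|verified> Name [PID] Path" entries, a dashed
# line under each section title, and free-text notices for unreadable/missing paths.
ENTRY_RE = re.compile(r"^<(?P<sig>unsigned|verified)>\s+(?P<name>.*?)\s*"
                      r"(?:\b(?P<pid>\d+)\s+)?(?P<path>[A-Za-z]:[\\/].*)$")
DASH_RE = re.compile(r"^-{3,}$")
INACCESSIBLE_RE = re.compile(r"^(?P<path>.+?) - could not be accessed$")
MISSING_RE = re.compile(r"^File not found:\s*(?P<path>.+)$")
REFERENCED_RE = re.compile(r"^referenced in:\s*(?P<key>.+)$")

def parse_quickscan(text: str) -> List[Finding]:
    lines = [ln.rstrip() for ln in text.splitlines()]
    findings: List[Finding] = []
    section, pending = "header", None   # pending: missing-file entry awaiting its key
    for i, line in enumerate(lines):
        if not line or DASH_RE.match(line):
            continue
        if i + 1 < len(lines) and DASH_RE.match(lines[i + 1]):
            section = line                # a section title sits directly above its dashes
            continue
        if m := INACCESSIBLE_RE.match(line):
            findings.append(Finding(section, "inaccessible", m["path"],
                                    "scanner verdict does not cover this path"))
        elif m := MISSING_RE.match(line):
            pending = Finding(section, "missing_file", m["path"])
            findings.append(pending)
        elif (m := REFERENCED_RE.match(line)) and pending is not None:
            pending.note = "referenced from " + m["key"]
            pending = None
        elif (m := ENTRY_RE.match(line)) and m["sig"] == "unsigned":
            who = m["name"] + (f" (pid {m['pid']})" if m["pid"] else "")
            findings.append(Finding(section, "unsigned", m["path"], who))
    return findings

def needs_followup(findings: List[Finding]) -> bool:
    """'No infection found' is not trustworthy when the scanner could not read a
    directory, or when an autostart/service entry points at a file that is gone."""
    return any(f.kind in ("inaccessible", "missing_file") for f in findings)

def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"inaccessible": 0, "unsigned": 0, "missing_file": 0}
    for f in findings:
        counts[f.kind] += 1
    return counts

# Constructed sample in the format shown in the thread (paths illustrative only).
SAMPLE_LOG = r"""
QuickScan Beta 32-bit v0.9.9.23
-------------------------------

C:\Program Files\Mozilla Firefox - could not be accessed

No infection found.
-------------------

Processes
---------
<unsigned> Google Talk 2276 C:\Program Files\Google\Google Talk\googletalk.exe
<verified> Firefox 1132 C:\Program Files\Mozilla Firefox\firefox.exe

Autoruns and critical files
---------------------------
<unsigned> autorun.bat E:\autorun/autorun.bat
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

Missing files
-------------
File not found: C:\DOCUME~1\USER~1\LOCALS~1\Temp\catchme.sys
referenced in: HKLM\System\ControlSet001\services\catchme\"ImagePath"
"""

if __name__ == "__main__":
    found = parse_quickscan(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.section}: {f.path}  {f.note}".rstrip())
    print("needs follow-up:", needs_followup(found), summarize(found))
```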

#7
rktac

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hi,

After my last post, I decided to run a full scan with my AV (symantec endpoint protection).
While I wasn't getting the alerts anymore, I was now officially infected with Backdoor.tidserv!inv

My dad and I (yes, I resorted to asking my dad) worked on it for 5 hours straight, following the official Symantec steps to remove this virus.

I'm running another scan on my computer at the moment, but last scan indicated that my computer was clean.
Then, as you said, I'll uninstall Firefox, reboot and reinstall it, but I won't post the BitDefender log since I'm pretty sure my computer is clean.

So I guess my problem is now solved, and that this topic can be 'closed' so other people will be able to get help.

I wanted to thank you for helping me in the first place.
I really do appreciate the attention you showed toward my problems and my questions.

-rktac
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shut down My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron
  • 0
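On the MVPS hosts file Ron recommends above: this added example (not from the thread and not from mvps.org) parses a hosts file in that layout and shows the main caveat of the mechanism, that an entry stops only the exact hostname listed, not its parent domain or other subdomains. The hostnames in the sample are constructed for illustration.

```python
"""Which hostnames does a hosts file sinkhole? (added example, not from the thread)"""
from typing import Dict, Iterable

# MVPS-style entries point blocked hosts at 0.0.0.0 (older releases used 127.0.0.1).
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}  # not blocks

def parse_hosts(text: str) -> Dict[str, str]:
    """Map every hostname to the address the hosts file assigns it.
    '#' starts a comment, blank lines are ignored, one line may list several names."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue            # blank, comment-only, or malformed line
        addr, names = fields[0], fields[1:]
        for name in names:
            table[name.lower().rstrip(".")] = addr
    return table

def is_sinkholed(table: Dict[str, str], hostname: str) -> bool:
    """Exact match only: hosts files have no wildcards, so an entry for
    www.ads.example does not cover ads.example or cdn.ads.example."""
    key = hostname.lower().rstrip(".")
    if key in LOOPBACK_NAMES:
        return False
    return table.get(key) in SINKHOLE_ADDRS

def coverage(table: Dict[str, str], hostnames: Iterable[str]) -> Dict[str, bool]:
    """Report, per hostname, whether the hosts file would stop it resolving normally."""
    return {h: is_sinkholed(table, h) for h in hostnames}

# Constructed sample in the MVPS layout; domains are illustrative placeholders.
SAMPLE_HOSTS = """\
# MVPS HOSTS (sample)
127.0.0.1 localhost
0.0.0.0 www.ads.example   # banner network
0.0.0.0 tracker.example stats.tracker.example
"""

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    checks = ["www.ads.example", "ads.example", "cdn.ads.example", "STATS.tracker.example."]
    for host, blocked in coverage(table, checks).items():
        print(f"{host:28} {'sinkholed' if blocked else 'NOT covered'}")
```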





