OTL, MBAM, GMER results - Possible redirect


  • Please log in to reply

#1
Kashink
Member, 56 posts

Hi,

Here are the results.

OTL:
OTL logfile created on: 28-01-10 11:29:13 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\xxx\Mes documents\Réception\Programmes\Sécurité
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: dd-MM-yy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,33 Gb Total Space | 30,15 Gb Free Space | 42,26% Space Free | Partition Type: NTFS
Drive D: | 71,84 Gb Total Space | 36,86 Gb Free Space | 51,31% Space Free | Partition Type: FAT32
Drive E: | 32,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-01-28 11:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxx\Mes documents\Réception\Programmes\Sécurité\OTL.exe
PRC - [2010-01-28 09:18:43 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\xxx\Local Settings\Temp\RtkBtMnt.exe
PRC - [2010-01-15 22:14:02 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-11-16 09:04:30 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-11-16 09:03:32 | 02,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-10-18 07:19:30 | 00,600,256 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-06-29 06:21:34 | 00,251,152 | R--- | M] (Dictionnaire Le Robert) -- C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe
PRC - [2008-12-29 05:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-07-08 12:59:20 | 00,193,808 | R--- | M] (Dictionnaire Le Robert) -- C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe
PRC - [2008-06-28 13:51:53 | 00,587,776 | ---- | M] () -- C:\Program Files\ZapNotes\zapNotesfr.exe
PRC - [2008-05-08 21:07:24 | 00,536,576 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008-04-13 21:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-03-03 15:45:08 | 01,583,624 | ---- | M] (Copernic Inc.) -- C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
PRC - [2008-01-04 20:09:30 | 03,632,128 | ---- | M] () -- C:\Program Files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
PRC - [2008-01-04 20:09:18 | 03,805,184 | ---- | M] () -- C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe
PRC - [2008-01-04 20:09:11 | 01,150,976 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Acer\Bio-Protection fingerprint solution\ATSwpNav.exe
PRC - [2007-10-17 09:59:44 | 00,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2007-09-07 10:33:20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007-07-17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007-07-17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007-07-11 14:07:46 | 00,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007-07-05 11:35:54 | 00,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2007-07-04 11:44:00 | 00,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007-05-28 15:56:16 | 00,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2007-05-28 09:32:36 | 16,132,608 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007-03-21 06:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007-03-21 06:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007-03-02 11:25:08 | 00,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2007-03-01 18:21:52 | 00,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007-02-21 11:28:36 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-02-21 11:16:48 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007-02-21 11:10:00 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-02-08 00:13:48 | 00,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007-02-08 00:12:48 | 00,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007-02-08 00:12:20 | 00,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007-02-06 16:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007-02-06 16:43:26 | 00,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
PRC - [2007-01-17 04:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2007-01-08 22:26:08 | 00,068,640 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007-01-08 15:39:44 | 00,171,040 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2005-02-17 07:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2004-08-04 22:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2003-08-29 18:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003-08-29 10:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010-01-28 11:27:00 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxx\Mes documents\Réception\Programmes\Sécurité\OTL.exe
MOD - [2008-04-13 21:33:33 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008-04-13 21:33:29 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008-04-13 21:33:29 | 00,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2007-05-28 15:55:16 | 00,024,064 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2007-05-28 15:54:22 | 00,077,824 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\ShowErrMsg.dll
MOD - [2007-05-28 15:54:18 | 00,167,936 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2007-02-06 16:45:14 | 00,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2007-01-08 15:17:44 | 00,502,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2007-01-04 15:04:52 | 00,199,168 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\CryptoAPI.dll
MOD - [2006-02-22 11:19:46 | 01,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc71u.dll
MOD - [2006-01-06 11:04:38 | 00,012,064 | ---- | M] () -- C:\Program Files\Copernic Desktop Search 2\DesktopSearchSystem203000018.dll
MOD - [2005-10-11 13:18:54 | 00,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2004-08-04 22:00:00 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003-03-18 20:44:34 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71FRA.DLL
MOD - [2003-02-20 22:42:20 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2009-11-16 09:12:54 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-11-16 09:04:30 | 00,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008-05-08 21:07:24 | 00,536,576 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008-04-13 21:33:27 | 00,029,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007-03-21 06:00:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007-03-01 18:21:52 | 00,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007-02-21 11:28:36 | 00,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007-02-21 11:16:48 | 00,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007-02-21 11:10:00 | 00,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007-02-06 16:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007-02-06 16:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007-01-17 04:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007-01-08 15:39:44 | 00,171,040 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005-11-14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.webshots.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-28 08:57:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-28 08:57:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010-01-02 11:01:31 | 00,000,000 | ---D | M]

[2010-01-28 08:57:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Mozilla\Extensions
[2010-01-28 09:20:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Mozilla\Firefox\Profiles\hamiuf3v.default\extensions
[2010-01-28 08:57:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-15 20:10:07 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010-01-15 20:10:07 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010-01-15 20:10:07 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010-01-15 20:10:07 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010-01-15 20:10:07 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008-04-22 03:19:46 | 00,683,976 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 18174 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe File not found
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSet] C:\WINDOWS\PLFSet.DLL ( )
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe ()
O4 - HKCU..\Run: [Copernic Desktop Search 2] C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [eNMTray.exe] File not found
O4 - HKCU..\Run: [GRC V2 Hyperappel] C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe (Dictionnaire Le Robert)
O4 - HKCU..\Run: [Le Petit Robert V3 Hyperappel] C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe (Dictionnaire Le Robert)
O4 - HKCU..\Run: [rcwinHyper] C:\Program Files\Le Robert\Le Robert & Collins\rcwinHyper.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [ZapNotes] C:\Program Files\ZapNotes\zapNotesfr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\xxx\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.rdl (Copernic Technologies Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe File not found
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: logiterm ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1199474406068 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (lycozv.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll - C:\Program Files\Acer\Bio-Protection fingerprint solution\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\xxx\Application Data\Webshots\The Webshots Desktop\Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\xxx\Application Data\Webshots\The Webshots Desktop\Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-11-09 21:49:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (13795666882985984)

========== Files/Folders - Created Within 14 Days ==========

[2010-01-28 09:24:48 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-01-28 08:57:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xxx\Application Data\Mozilla
[2010-01-28 08:57:02 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-01-28 07:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010-01-28 00:03:26 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010-01-27 16:56:48 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-25 14:13:48 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe(2)
[2008-12-24 18:05:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008-08-29 07:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008-01-07 14:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2008-01-04 20:10:54 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2008-01-04 20:08:06 | 00,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008-01-04 20:08:06 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2008-01-04 20:08:06 | 00,045,056 | ---- | C] ( ) -- C:\WINDOWS\PLFSet.dll
[2007-11-09 21:43:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007-11-09 21:43:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010-01-28 11:22:02 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-28 11:21:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-28 11:21:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-28 11:21:38 | 21,458,32960 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-28 09:34:24 | 05,038,080 | ---- | M] () -- C:\Documents and Settings\xxx\ntuser.dat
[2010-01-28 09:34:00 | 00,000,184 | -HS- | M] () -- C:\Documents and Settings\xxx\ntuser.ini
[2010-01-28 00:01:51 | 02,714,234 | -H-- | M] () -- C:\Documents and Settings\xxx\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2010-01-28 09:48:27 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\xxx\Bureau\gmer.exe
[2010-01-27 23:35:16 | 05,038,080 | ---- | C] () -- C:\Documents and Settings\xxx\ntuser.dat
[2009-12-20 11:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Waverly.INI
[2009-12-17 17:05:25 | 00,000,106 | ---- | C] () -- C:\WINDOWS\Antidote7.ini
[2009-10-02 16:02:15 | 00,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-08-04 15:18:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009-05-18 08:21:27 | 00,000,131 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009-05-18 07:47:58 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\snp2uvc.sys
[2009-05-18 07:47:58 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\sncduvc.sys
[2009-05-18 07:47:57 | 00,000,131 | ---- | C] () -- C:\WINDOWS\System32\PidList.ini
[2009-05-10 15:45:03 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009-05-10 15:45:00 | 00,000,009 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2009-03-31 10:26:48 | 00,000,002 | ---- | C] () -- C:\Documents and Settings\xxx\Application Data\ceville_console_history.txt
[2009-03-26 09:37:48 | 00,121,839 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2008-10-12 11:37:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\CastleMalloy.INI
[2008-06-20 17:16:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhantomOfVenice.INI
[2008-06-08 09:06:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008-05-24 13:53:54 | 00,000,698 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008-04-26 10:15:39 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008-04-26 10:11:32 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-04-26 08:05:29 | 00,060,416 | ---- | C] () -- C:\Documents and Settings\xxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-04-25 17:39:06 | 00,000,024 | ---- | C] () -- C:\WINDOWS\fls1.ini
[2008-04-25 17:30:30 | 00,335,872 | ---- | C] () -- C:\WINDOWS\System32\DKU5INST.DLL
[2008-04-25 17:30:28 | 00,398,848 | R--- | C] () -- C:\WINDOWS\System32\dk2win32.dll
[2008-04-25 17:30:28 | 00,003,919 | ---- | C] () -- C:\WINDOWS\System32\flsinst.ini
[2008-04-25 17:30:27 | 01,306,624 | ---- | C] () -- C:\WINDOWS\System32\FLSINST.DLL
[2008-04-11 16:57:20 | 00,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2008-01-27 14:22:40 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-01-27 14:22:39 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-01-08 14:19:57 | 00,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008-01-08 07:44:06 | 00,000,146 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2008-01-08 07:22:42 | 00,000,281 | ---- | C] () -- C:\WINDOWS\PR1V2.INI
[2008-01-08 06:59:21 | 00,000,861 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008-01-04 20:14:03 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2008-01-04 20:12:46 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\WirelessMgr.dll
[2008-01-04 20:11:55 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NATTraversal.dll
[2008-01-04 20:10:54 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2008-01-04 20:09:17 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AtNav.dll
[2008-01-04 20:08:06 | 01,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008-01-04 20:08:06 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008-01-04 20:03:41 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\xxx\Local Settings\Application Data\fusioncache.dat
[2007-11-09 21:49:52 | 00,000,038 | ---- | C] () -- C:\WINDOWS\PreLaunch.ini
[2007-08-09 11:01:18 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-08-09 09:44:10 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007-08-09 09:43:38 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2007-08-09 09:43:38 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2007-08-09 09:43:38 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007-07-23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007-07-23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007-07-23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007-07-23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007-06-05 09:24:14 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2007-06-05 08:48:58 | 00,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007-05-28 15:56:14 | 01,411,584 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2007-05-28 15:55:06 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2007-05-28 15:54:32 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2007-02-06 16:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007-02-06 16:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2007-01-04 15:10:22 | 00,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2006-08-28 12:30:04 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006-03-10 07:18:16 | 00,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004-08-04 22:00:00 | 00,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003-11-24 08:55:48 | 00,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2003-11-24 08:55:32 | 00,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2001-12-26 09:12:30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001-09-03 16:46:38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001-07-30 09:33:56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001-07-23 15:04:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1997-09-18 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997-09-18 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997-09-18 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995-11-14 00:00:00 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1995-11-14 00:00:00 | 00,010,000 | ---- | C] () -- C:\WINDOWS\System32\VBAFR32.DLL
[1995-11-14 00:00:00 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1995-11-14 00:00:00 | 00,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1995-11-14 00:00:00 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
[1995-08-07 17:53:00 | 00,463,904 | ---- | C] () -- C:\WINDOWS\System32\owl253f.dll

========== LOP Check ==========

[2009-04-09 15:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CaseBook
[2009-08-22 15:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-01-02 11:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009-12-17 16:45:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Le Robert
[2010-01-27 23:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-03-14 11:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Acer
[2008-01-08 16:50:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Copernic
[2009-08-22 15:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\DAEMON Tools
[2009-08-22 15:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\DAEMON Tools Lite
[2009-08-22 15:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\DAEMON Tools Pro
[2008-01-08 14:30:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Druide
[2010-01-27 23:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Games
[2009-06-17 13:57:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\LimeWire
[2009-12-06 13:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\MysteryStudio
[2010-01-27 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\SpinTop
[2008-01-08 14:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xxx\Application Data\Webshots

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004-08-04 22:00:00 | 18,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004-08-04 22:00:00 | 18,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-08-29 07:11:32 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-08-29 07:11:32 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-03 16:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004-08-04 22:00:00 | 18,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004-08-04 22:00:00 | 18,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-08-29 07:11:32 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-08-29 07:11:32 | 23,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 15:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004-08-03 15:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004-08-04 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-13 21:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 21:33:24 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007-03-21 05:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007-03-21 05:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007-03-21 05:58:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys
[2007-03-21 05:59:30 | 00,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008-04-13 21:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-13 21:33:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-04 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-13 21:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-13 21:33:40 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004-08-04 22:00:00 | 00,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008-05-08 21:19:56 | 00,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DAD076E
< End of report >

Extras:
OTL Extras logfile created on: 28-01-10 11:29:13 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Geneviève Raymond\Mes documents\Réception\Programmes\Sécurité
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: dd-MM-yy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71,33 Gb Total Space | 30,15 Gb Free Space | 42,26% Space Free | Partition Type: NTFS
Drive D: | 71,84 Gb Total Space | 36,86 Gb Free Space | 51,31% Space Free | Partition Type: FAT32
Drive E: | 32,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"35583:TCP" = 35583:TCP:*:Enabled:Limewire

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- (Nortel Networks NA, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Disabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\3.17.10.exe" = C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\3.17.10.exe:*:Enabled:Windows Application Service -- File not found
"C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\vcs.21.10.exe" = C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\vcs.21.10.exe:*:Enabled:Windows Application Service -- File not found
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERANTISPYWARE.EXE -- (SUPERAntiSpyware.com)
"C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe" = C:\Program Files\Le Robert\Le Petit Robert 2010\RobertHA.exe:*:Enabled:Le Petit Robert Hyperappel -- (Dictionnaire Le Robert)
"C:\Program Files\Le Robert\Le Petit Robert 2010\prnet.exe" = C:\Program Files\Le Robert\Le Petit Robert 2010\prnet.exe:*:Enabled:Le Petit Robert 2010 -- (Dictionnaire Le Robert)
"C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe" = C:\Program Files\Le Robert\Le Grand Robert & Collins\GRCHA.exe:*:Enabled:Le Grand Robert & Collins Hyperappel -- (Dictionnaire Le Robert)
"C:\Program Files\Le Robert\Le Grand Robert & Collins\GRC2009.exe" = C:\Program Files\Le Robert\Le Grand Robert & Collins\GRC2009.exe:*:Enabled:Le Grand Robert & Collins -- (Le Robert)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:mbam.exe -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe:*:Enabled:mbamservice.exe -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe:*:Enabled:mbamtrayctrl.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{03EC1FFD-2F3C-AB30-FC8F-8A464EA3AB54}" = CCC Help Norwegian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A49527E-76D9-1A0E-1242-D1C449E2F246}" = Catalyst Control Center Localization French
"{1EB867A9-2CAC-9F2B-70AA-225B89329957}" = Catalyst Control Center Localization Swedish
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3C22A328-753B-709F-B575-8E7F26EF5769}" = CCC Help Portuguese
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{426E1B57-707D-E5D9-82BB-D375728C0101}" = Catalyst Control Center Localization Dutch
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{46369E80-6A3D-55A6-D54A-489ADE5258A2}" = Catalyst Control Center Localization Portuguese
"{476275FA-A3F8-3BD2-1042-2BD29F13CC2E}" = Skins
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{51EAB826-C5A4-2578-44AE-61CB8F6AF06C}" = CCC Help Korean
"{521E1CA4-C40B-E2E0-9C88-94B89CFE1FF9}" = Catalyst Control Center Localization German
"{54213804-C8B0-FF91-FEE4-AE177D55EF56}" = CCC Help Finnish
"{54C87F30-9A03-A151-E25D-643C6A19BE4D}" = Catalyst Control Center Localization Norwegian
"{567B13FA-9FA9-050E-5CD7-6C07F3A28DF7}" = CCC Help Turkish
"{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C51F530-415D-6DC1-AF78-4839F93B84C3}" = CCC Help English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F212730-512E-C674-11B5-C4AEECAE1366}" = Catalyst Control Center Localization Thai
"{5F339FE5-9930-1B33-6090-EFFFD1749F3C}" = ccc-core-static
"{64682560-7401-4C2D-4B68-622001EBDB38}" = CCC Help French
"{666E9A48-A877-A912-6E7F-565C4E36A4BB}" = CCC Help Chinese Traditional
"{672F8700-B561-252F-6585-333FEE398EE3}" = CCC Help Swedish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68280718-3175-6C86-75E5-EA4706D0F545}" = Catalyst Control Center Localization Chinese Traditional
"{6A0DC722-5AE2-7878-04E3-12FD42242815}" = CCC Help German
"{6A41F0A6-445C-A426-3B9B-0F3138C36EC6}" = Catalyst Control Center Graphics Light
"{6C39F2B2-C1D8-479D-B8A8-C5A9425C14C5}" = Diego
"{6DFA698C-EB46-412F-9886-93B2C8617841}" = Catalyst Control Center - Branding
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{74F3AA35-BC41-119C-B74E-FFF0072973FE}" = CCC Help Spanish
"{765A0DD0-B60B-F6A0-6A8D-54054A4E6487}" = Catalyst Control Center Localization Czech
"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice™
"{78463EA5-5490-41F4-959F-BF0CEE4F8AFD}" = A Quiet Weekend in Capri
"{79170233-E0A5-5A4A-28D9-C6A0CF774F13}" = Catalyst Control Center Localization Danish
"{79435D1E-148B-8C58-8F3E-6E96D9284149}" = Catalyst Control Center Localization Chinese Standard
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}" = Client MetaFrame Presentation Server
"{7B0B88BC-FF93-DA03-F84E-D23477157E5C}" = Catalyst Control Center Core Implementation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CBFA1C0-9F76-FF29-3EFC-9F7655E8FF56}" = CCC Help Thai
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{80361553-17D6-84D1-31E2-D8ABF0C66959}" = ccc-utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E87FED9-68EA-8A40-CB37-1F532F4D6D72}" = Catalyst Control Center Graphics Full New
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9112040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{97521F0B-9072-0C9C-C765-961B07DEA729}" = Catalyst Control Center Localization Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9A6C83A6-C190-EBA9-8E38-D480A994DA92}" = Catalyst Control Center Localization Italian
"{9B6C43B6-8B1B-34DA-1E05-B5BC51B2B804}" = Catalyst Control Center Localization Spanish
"{9C62C977-0111-F5FC-EBCA-4D917BADF751}" = CCC Help Dutch
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34C7BA8-938B-55FD-2600-57BECFB55D6A}" = CCC Help Greek
"{A6139E1F-1392-1442-8152-87BA59B2F64D}" = ccc-core-preinstall
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.7 - Français
"{AEF1E88C-A98D-890F-CFDC-FD6FD3B8E829}" = CCC Help Italian
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B46FFFB4-FE24-3338-D53F-3C899AFD5A23}" = CCC Help Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B98B1629-E1F6-5DD5-8D1E-C8C3F6F80C89}" = Catalyst Control Center Graphics Full Existing
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C165A1B2-08D0-52C3-D5DB-665C8F251570}" = Catalyst Control Center Localization Turkish
"{C9F00AEA-9046-4AA8-A850-F24F04A03026}" = ESET NOD32 Antivirus
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB88A5FF-59EE-6BF7-A5B5-2C7B63872745}" = Catalyst Control Center Localization Korean
"{CC6C4177-6365-1500-9279-480C79B0E592}" = CCC Help Czech
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D26BCF43-7100-E5F9-27FD-EA03670F1AE8}" = CCC Help Danish
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D6A48C7F-A0F8-46A5-A1ED-F45A62FE93BF}" = Visuel intégré
"{DC34C68C-A16F-56A7-AEFA-5DB8DAA6E9E3}" = CCC Help Russian
"{DD530FBD-D52A-8044-15B6-2E62E65AE83E}" = Catalyst Control Center Localization Polish
"{E42BF37A-510C-D596-081D-307CA952D888}" = Catalyst Control Center Localization Hungarian
"{E58BE852-C68B-D02E-A6CF-BB8B4614AD42}" = Catalyst Control Center Localization Greek
"{E5A48BBD-7D1B-A49A-27D7-D02BE34940D6}" = CCC Help Hungarian
"{E697374A-6555-990E-821F-09AF8388CEAA}" = CCC Help Japanese
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ECB8E83D-CE7B-C7E5-7F36-7677EAAB5F39}" = Catalyst Control Center Localization Russian
"{EEBFB406-5846-4F33-96B5-C7BA8FC50F69}" = AuthenTec Fingerprint Sensor Minimum Install
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F58C48CB-A079-3BEC-5CB3-1E81F36AC79D}" = Catalyst Control Center Localization Finnish
"{F915CF43-C7E7-9886-48F4-640F124A0AAB}" = CCC Help Chinese Standard
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Acer Bio-Protection fingerprint solution 3.0.1.1" = Acer Bio-Protection fingerprint solution 3.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Copernic Agent Basic" = Copernic Agent Basic
"CopernicDesktopSearch2" = Copernic Desktop Search 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DKU5INST" = Nokia Connectivity Adapter DKU-5
"ERUNT_is1" = ERUNT 1.1j
"FileMaker Pro 4.0" = FileMaker Pro 4.0
"FLSINST" = FLS-4 Driver Installation
"GRCDVD" = Le Grand Robert & Collins
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.4088
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LimeWire" = LimeWire 4.16.6
"LManager" = Launch Manager
"Magicama" = Magicama
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobiMB Mobile Media Browser" = MobiMB Mobile Media Browser
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multidictionnaire" = Multidictionnaire
"Nine" = Nine
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Portal by vo0" = Portal
"PowerISO" = PowerISO
"PR1CD2010" = Le Petit Robert 2010
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Programme de gestion Camera de Logitech®
"Return to Mysterious Island 21.05" = Return to Mysterious Island 2
"Shadow Of Destiny ™" = Shadow Of Destiny ™
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Lost Cases Of Sherlock Holmes_is1" = The Lost Cases Of Sherlock Holmes
"Webshots Desktop" = Webshots Desktop
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Le Robert & Collins" = Le Robert & Collins

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28-01-10 11:39:09 | Computer Name = ACER | Source = ESENT | ID = 489
Description = wuauclt (3144) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 28-01-10 11:39:09 | Computer Name = ACER | Source = ESENT | ID = 455
Description = wuaueng.dll (3144) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 28-01-10 11:39:19 | Computer Name = ACER | Source = ESENT | ID = 489
Description = wuauclt (2880) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 28-01-10 11:39:19 | Computer Name = ACER | Source = ESENT | ID = 455
Description = wuaueng.dll (2880) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 28-01-10 11:39:29 | Computer Name = ACER | Source = ESENT | ID = 489
Description = wuauclt (2880) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 28-01-10 11:39:29 | Computer Name = ACER | Source = ESENT | ID = 455
Description = wuaueng.dll (2880) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 28-01-10 11:39:43 | Computer Name = ACER | Source = ESENT | ID = 489
Description = wuauclt (2968) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 28-01-10 11:39:43 | Computer Name = ACER | Source = ESENT | ID = 455
Description = wuaueng.dll (2968) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 28-01-10 11:39:53 | Computer Name = ACER | Source = ESENT | ID = 489
Description = wuauclt (2968) Une tentative d'ouverture du fichier "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

Error - 28-01-10 11:39:53 | Computer Name = ACER | Source = ESENT | ID = 455
Description = wuaueng.dll (2968) SUS20ClientDataStore: L'erreur -1032 (0xfffffbf8)
s'est produite lors de l'ouverture du fichier journal C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service Process Monitor s'est terminé de façon inattendue pour
la 1ème fois.

Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service LightScribeService Direct Disc Labeling Service s'est terminé
de façon inattendue pour la 1ème fois.

Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service Intel® Matrix Storage Event Monitor s'est terminé de
façon inattendue pour la 1ème fois.

Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service Intel® PROSet/Wireless Registry Service s'est terminé
de façon inattendue pour la 1ème fois.

Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service Cyberlink RichVideo Service(CRVS) s'est terminé de façon
inattendue pour la 1ème fois.

Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service Java Quick Starter s'est terminé de façon inattendue pour
la 1ème fois.

Error - 28-01-10 10:15:52 | Computer Name = ACER | Source = Service Control Manager | ID = 7034
Description = Le service eLock Service s'est terminé de façon inattendue pour la
1ème fois.

Error - 28-01-10 10:17:58 | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = Le service Nortel Extranet Access Protocol n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 28-01-10 10:35:39 | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = Le service Nortel Extranet Access Protocol n'a pas pu démarrer en
raison de l'erreur : %%2

Error - 28-01-10 12:21:45 | Computer Name = ACER | Source = Service Control Manager | ID = 7000
Description = Le service Nortel Extranet Access Protocol n'a pas pu démarrer en
raison de l'erreur : %%2


< End of report >

MBAM: (everything okay)
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3650
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28-01-10 09:32:49
mbam-log-2010-01-28 (09-32-49).txt

Type de recherche: Examen rapide
Eléments examinés: 121450
Temps écoulé: 4 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


ark:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-28 10:56:09
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\xxx\LOCALS~1\Temp\ugldrpob.sys


---- System - GMER 1.0.15 ----

SSDT 868B68A0 ZwAssignProcessToJobObject
SSDT spvu.sys ZwCreateKey [0xB9EA80E0]
SSDT spvu.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spvu.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spvu.sys ZwOpenKey [0xB9EA80C0]
SSDT 868B5CB0 ZwOpenProcess
SSDT 868B60D0 ZwOpenThread
SSDT spvu.sys ZwQueryKey [0xB9EC7108]
SSDT spvu.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spvu.sys ZwSetValueKey [0xB9EC719A]
SSDT 868B66D0 ZwSuspendProcess
SSDT 868B64F0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9D92A0B0]
SSDT 868B6310 ZwTerminateThread

INT 0x62 ? 8A562BF8
INT 0x63 ? 89A64BF8
INT 0x74 ? 89A64BF8
INT 0x82 ? 8A562BF8
INT 0x84 ? 89A64BF8
INT 0x94 ? 89A64BF8
INT 0xA4 ? 8A563BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5411F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Ntfs \Ntfs psdfilter.sys (PSD Filter Driver/HiTRUST)

Device \FileSystem\Fastfat \FatCdrom 89458500
Device \Driver\sptd \Device\335788348 spvu.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{05300278-6785-47B2-AE21-2E00102ADB99} 89834500
Device \Driver\usbuhci \Device\USBPDO-0 89A631F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5651F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5651F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5651F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5651F8
Device \Driver\usbuhci \Device\USBPDO-1 89A631F8
Device \Driver\usbehci \Device\USBPDO-2 899B81F8
Device \Driver\usbuhci \Device\USBPDO-3 89A631F8
Device \Driver\usbuhci \Device\USBPDO-4 89A631F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbehci \Device\USBPDO-5 899B81F8
Device \Driver\usbuhci \Device\USBPDO-6 89A631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A360C48F-E9DC-4A6D-874F-03AD5D44D60B} 89834500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5661F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A5661F8
Device \Driver\Cdrom \Device\CdRom0 898DA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A5661F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D696D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9D16B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9D16B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9D16B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D696D0] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 898DA1F8
Device \Driver\Cdrom \Device\CdRom2 898DA1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89834500
Device \Driver\NetBT \Device\NetbiosSmb 89834500
Device \Driver\PCI_PNP4598 \Device\00000092 spvu.sys
Device \Driver\usbuhci \Device\USBFDO-0 89A631F8
Device \Driver\usbuhci \Device\USBFDO-1 89A631F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B453C5F5-7D4B-4295-A3F1-F2A626F8DE10} 89834500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A711F8
Device \Driver\usbehci \Device\USBFDO-2 899B81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A711F8
Device \Driver\usbuhci \Device\USBFDO-3 89A631F8
Device \Driver\usbuhci \Device\USBFDO-4 89A631F8
Device \Driver\Ftdisk \Device\FtControl 8A5661F8
Device \Driver\usbuhci \Device\USBFDO-5 89A631F8
Device \Driver\usbehci \Device\USBFDO-6 899B81F8
Device \Driver\a4vyj734 \Device\Scsi\a4vyj7341Port3Path0Target0Lun0 898D71F8
Device \Driver\a4vyj734 \Device\Scsi\a4vyj7341Port3Path0Target1Lun0 898D71F8
Device \Driver\a4vyj734 \Device\Scsi\a4vyj7341 898D71F8
Device \FileSystem\Fastfat \Fat 89458500

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 899F4500

---- Threads - GMER 1.0.15 ----

Thread System [4:776] 868B4930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xAF 0x7D 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDB 0xAF 0x8A 0x8D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x09 0x65 0xC1 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1E 0x31 0x89 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA9 0xC9 0xD6 0x6F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xAF 0x7D 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xDB 0xAF 0x8A 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x09 0x65 0xC1 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1E 0x31 0x89 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA9 0xC9 0xD6 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x06 0xAF 0x7D 0x21 ...

---- EOF - GMER 1.0.15 ----

Thanks
  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 24,735 posts
  • MVP
Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron
  • 0

#3
Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi Ron,

Thanks for helping :)

Here is the Combofix.txt file:

ComboFix 10-01-28.05 - 29-01-10 8:16.4.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1597 [GMT -5:00]
Lancé depuis: c:\documents and settings\xxx\Bureau\george.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Un antivirus résident est actif

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\autorun.ini
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-28 au 2010-01-29 ))))))))))))))))))))))))))))))))))))
.

2010-01-28 20:40 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-28 20:40 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-28 14:24 . 2010-01-28 14:25 -------- d-----w- c:\program files\ERUNT
2010-01-28 12:57 . 2010-01-28 12:57 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-28 05:03 . 2010-01-28 05:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-27 21:56 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-25 19:13 . 2010-01-28 05:03 -------- d-----w- c:\program files\Adobe(2)
2010-01-02 16:01 . 2010-01-02 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 12:57 . 2009-03-26 14:41 -------- d-----w- c:\program files\Launch Manager
2010-01-28 22:05 . 2008-01-08 19:21 -------- d-----w- c:\program files\Nortel Networks
2010-01-28 05:03 . 2008-04-30 14:43 -------- d-----w- c:\program files\SpywareBlaster
2010-01-28 05:03 . 2008-04-28 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 05:03 . 2008-04-28 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-28 05:03 . 2008-04-04 20:28 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-28 04:34 . 2008-04-30 14:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-28 03:05 . 2008-05-05 21:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-27 21:56 . 2008-05-24 18:52 5115823 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 21:07 . 2008-05-24 18:52 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 16:01 . 2008-01-07 20:57 -------- d-----w- c:\program files\ESET
2009-12-26 23:12 . 2008-01-27 19:47 -------- d-----w- c:\program files\Jeux
2009-12-17 22:02 . 2009-12-17 21:58 -------- d-----w- c:\program files\Druide
2009-12-17 21:45 . 2009-12-17 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Le Robert
2009-12-17 21:43 . 2008-01-07 22:41 -------- d-----w- c:\program files\Le Robert
2009-12-17 21:14 . 2008-07-31 18:49 -------- d-----w- c:\program files\Antidote
2009-12-13 13:43 . 2008-04-30 13:36 -------- d-----w- c:\program files\Java
2009-12-13 13:43 . 2007-08-09 15:48 99478 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-13 13:43 . 2007-08-09 15:48 540822 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-13 13:43 . 2008-01-07 23:22 71126 ----a-w- c:\windows\system32\perfc040.dat
2009-12-13 13:43 . 2008-01-07 23:22 459392 ----a-w- c:\windows\system32\perfh040.dat
2009-12-03 20:41 . 2008-07-29 21:12 -------- d-----w- c:\program files\DivX
2009-12-03 20:40 . 2009-05-20 13:03 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-11-21 15:58 . 2004-08-05 03:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 14:06 . 2009-11-16 14:06 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 14:03 . 2009-11-16 14:03 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 13:56 . 2009-11-16 13:56 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search 2"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-03-03 1583624]
"ZapNotes"="c:\program files\ZapNotes\zapNotesfr.exe" [2008-06-28 587776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-01-27 2002160]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Le Petit Robert V3 Hyperappel"="c:\program files\Le Robert\Le Petit Robert 2010\RobertHA.exe" [2009-06-29 251152]
"GRC V2 Hyperappel"="c:\program files\Le Robert\Le Grand Robert & Collins\GRCHA.exe" [2008-07-08 193808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1015808]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2008-01-05 3805184]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"agentantidote.exe"="c:\program files\Druide\Antidote 7\Programmes32\agentantidote.exe" [2009-10-18 600256]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\xxx\Menu Démarrer\Programmes\Démarrage\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-10-26 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-01-02 15:58 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-01-05 01:09 2803200 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛ±Þ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Le Robert\\Le Petit Robert 2010\\RobertHA.exe"=
"c:\\Program Files\\Le Robert\\Le Petit Robert 2010\\prnet.exe"=
"c:\\Program Files\\Le Robert\\Le Grand Robert & Collins\\GRCHA.exe"=
"c:\\Program Files\\Le Robert\\Le Grand Robert & Collins\\GRC2009.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35583:TCP"= 35583:TCP:Limewire

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26-04-08 10:11 717296]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16-11-09 09:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16-11-09 09:06 96408]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10-10-06 11:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27-02-07 10:39 74480]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [16-11-09 09:04 735960]
R2 FLE5WNNT;FLE-5 WindowsNT Driver;c:\windows\system32\drivers\fle5wnnt.sys [25-04-08 17:30 33404]
R2 FLSIFACE;FLSIface;c:\windows\system32\drivers\flsiface.sys [25-04-08 17:30 13440]
R2 FLSPAR;FLSPar;c:\windows\system32\drivers\flspar.sys [25-04-08 17:30 16314]
R2 FLSSER;FLSSer;c:\windows\system32\drivers\flsser.sys [25-04-08 17:30 8344]
R2 FLSVCOM;FLSVCom;c:\windows\system32\drivers\flsvcom.sys [25-04-08 17:30 32666]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [08-01-08 14:21 9433]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16-02-06 15:51 4096]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [08-01-08 14:21 115680]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://sympatico.msn.ca/defaultf.aspx
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://cf.rd.yahoo.com/customize/ycomp/defaults/su/*http://cf.yahoo.com
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\hamiuf3v.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-rcwinHyper - c:\program files\Le Robert\Le Robert & Collins\rcwinHyper.exe
HKCU-Run-eNMTray.exe - (no file)
HKLM-Run-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe
AddRemove-HijackThis - c:\documents and settings\xxx\Mes documents\HijackThis.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-Le Robert & Collins - c:\program files\Le Robert\Le Robert & Collins\uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 08:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spip.sys >>UNKNOWN [0x8A582938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba18cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> atapi.sys @ 0xb9d16b40
\Driver\iaStor -> iaStor.sys @ 0xb9d696d0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel® Wireless WiFi Link 4965AGN -> SendCompleteHandler -> NDIS.sys @ 0xb9bdabb0
PacketIndicateHandler -> NDIS.sys @ 0xb9be7a21
SendHandler -> NDIS.sys @ 0xb9bc587b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1820)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll

- - - - - - - > 'explorer.exe'(7560)
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\xpsp3res.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
c:\program files\Acer\Bio-Protection fingerprint solution\ATSwpNav.exe
c:\program files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2010-01-29 08:28:42 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-29 13:28

Avant-CF: 32 245 432 320 octets libres
Après-CF: 32 146 657 280 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - 98BB2E960F6220A3C499B53CFFD6BF31
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Kashink,

Just out of curiosity, why did you run ComboFix?

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now

  • 0

#5
Kashink

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi, thanks for helping.

About Combofix, I ran it because the staff member who first answered this thread asked for it.

Here is the MBAM log (all clear):

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3674
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

01-02-10 17:14:43
mbam-log-2010-02-01 (17-14-43).txt

Type de recherche: Examen rapide
Eléments examinés: 122247
Temps écoulé: 4 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, February 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, February 01, 2010 13:54:30
Records in database: 3393933
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 88521
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:38:35


File name / Threat / Threats count
C:\Documents and Settings\xxx\Mes documents\Réception\Programmes\Daemon\daemon403-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\xxx\Mes documents\Réception\Programmes\Nokia\Theme Studio\S40_Theme_Studio_2.0.0.rar Infected: not-a-virus:RiskTool.Win32.PsKill.103 2

Selected area has been scanned.


Performance-wise, all I can say for now is that, despite your much appreciated help, the problem that brought me here has not disappeared: when I try to log in to my client's database after connecting through Nortel Contivity, Firefox acts as if it were redirected from http://xxx/index.php to www.xxx.com.
:)
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Oh dear, I missed that. :)

Your posting in the Waiting Room hadn't been answered and I missed that RKinner had answered you here.

I will bow out.

I will PM him to let him know. :)
  • 0

#7
Kashink

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Thanks. I did some research on the threats found by Kaspersky and apparently, those files may be dangerous, but they would not be the cause of my problem. I did not delete them yet, I am waiting for some advice in that regard, since I am not sure how I should proceed.

I should add that the only "redirect" event I noticed is when I am trying to log on to a client database, after successfully connecting to his intranet. It's as if my computer were not welcome by the database and, not being able to log on at the database address (http://xxx/index.php), starts looking on the Internet at large (www.xxx.com), although it cannot access the Internet from there (while I am still connected to the client's intranet).

I hope I made myself clear :)
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,735 posts
  • MVP
I don't see anything bad, though running LimeWire on a business computer is not the smartest thing to do.

Sounds like you have a routing issue or perhaps a DNS issue. If I understand you correctly you connect to a client's computer via a VPN or something like it. But once you are connected you start going to the wrong place?

start, run, cmd, OK to bring up a command window. Type (with an Enter after each line)

netstat -rn >> junk.txt

(netstat SPACE -RN SPACE >> SPACE junk.txt)

(now connect to the client and do:)

netstat -rn >> junk.txt

notepad junk.txt

(notepad should open. Copy the text and paste it into a reply.)

Ron
  • 0

#9
Kashink

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi Ron,

Thanks for taking the time. Incidentally, I used LimeWire only twice I think; should I remove it just the same?

Okay, you did get it right. Just to make sure: I connect to the client's site through Contivity (Nortel Networks), I enter my id, my password and then a token-generated password, then I launch Firefox or Explorer and I enter the address mentioned before, at which time Firefox tries to redirect me to a www.xxx.com address, instead of leading me, as it did for years until the weekend before last, to http://xxx/index.php.

To get the following log, I did as you asked before I connected, and then I did it again after the connection, that is right before I would normally launch a browser. Here is what came of it:

===========================================================================
Liste d'Interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 e8 df d3 33 ...... Intel® Wireless WiFi Link 4965AGN - Miniport d'ordonnancement de paquets
0x3 ...00 1d 72 02 76 54 ...... Broadcom NetLink ™ Gigabit Ethernet - Miniport d'ordonnancement de paquets
0x4 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Miniport d'ordonnancement de paquets
===========================================================================
===========================================================================
Itinéraires actifs :
Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 30
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 30
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
255.255.255.255 255.255.255.255 192.168.1.102 3 1
255.255.255.255 255.255.255.255 192.168.1.102 4 1
Passerelle par défaut : 192.168.1.1
===========================================================================
Itinéraires persistants :
Aucun

Table de routage
===========================================================================
Liste d'Interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 e8 df d3 33 ...... Intel® Wireless WiFi Link 4965AGN - Miniport d'ordonnancement de paquets
0x3 ...00 1d 72 02 76 54 ...... Broadcom NetLink ™ Gigabit Ethernet - Miniport d'ordonnancement de paquets
0x4 ...44 45 53 54 42 00 ...... Nortel IPSECSHM Adapter - Miniport d'ordonnancement de paquets
===========================================================================
===========================================================================
Itinéraires actifs :
Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
0.0.0.0 0.0.0.0 10.20.209.168 10.20.209.168 1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 31
10.20.209.0 255.255.255.0 10.20.209.168 10.20.209.168 30
10.20.209.168 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.20.209.168 10.20.209.168 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
140.80.199.20 255.255.255.255 192.168.1.1 192.168.1.102 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 30
192.168.1.0 255.255.255.0 10.20.209.168 10.20.209.168 1
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 10.20.209.168 10.20.209.168 1
255.255.255.255 255.255.255.255 10.20.209.168 3 1
255.255.255.255 255.255.255.255 10.20.209.168 10.20.209.168 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Passerelle par défaut : 10.20.209.168
===========================================================================
Itinéraires persistants :
Aucun

Table de routage

I hope you can make something of it. After investigating this problem for a week now, I'm beginning to think it has little to do with my computer or my network, and a lot to do with changes made to the client's installation the weekend before last. Unfortunately, their IT people cannot help me, and if I don't find a way to fix this, I will lose my best client, who presently is my livelihood.

I previewed the post and noticed that the "columns" disappear when I copy and paste, so I am also enclosing the notepad file so you can see the columns.

Attached Files

  • Attached File  junk.txt   3.55KB   309 downloads

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,735 posts
  • MVP
I don't really like having two default gateways. That can cause a lot of confusion but with the metrics as they are and the fact that the 10. gateway is the top one it probably would work.

0.0.0.0 0.0.0.0 10.20.209.168 10.20.209.168 1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 31

You probably had nothing to do with the network setup but the best way to do this is to use

route add 10.0.0.0 mask 255.0.0.0 10.20.209.168 metric 1 if 4
rather than to add a second default gateway.

This would add a persistent route that would send all traffic to the 10 net through your Nortel interface. Of course this assumes that you have constant IP address and are not assigned one on the fly. I've never used Nortel so I don't know exactly how they do it.

Assuming the routing sort of works we need to look at the DNS. Let's open a command window again and type:

ipconfig /all >> junk2.txt

nslookup someURLonYourNortelConnection >> junk2.txt

now set up the nortel connection and repeat the commands:

ipconfig /all >> junk.txt

nslookup someURLonYourNortelConnection >> junk2.txt

(someURLonYourNortelConnection is a placeholder for whatever you would normally type in the browser once connected.)

notepad junk2.txt

copy and paste the text to a reply.

Ron
  • 0
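The routing tables posted above and Ron's point about the two default gateways, worked through as an added example (my code, not anything posted by the participants): it parses a `netstat -rn` table exactly as pasted, lists the `0.0.0.0` routes by metric, and picks the winning route for a destination the way the stack does (longest prefix, then lowest metric). The sample is the VPN-connected table from the post above; 192.168.1.50 and 8.8.8.8 are constructed test destinations, and 10.1.60.12 is taken from the nslookup output later in the thread.

```python
"""Analyse a Windows XP ``netstat -rn`` table as posted in this thread:
list the default gateways and show which route wins for a destination.
Added example for the thread, not code from any participant. The sample is
the connected-state table from the post above, columns collapsed to spaces."""
import ipaddress
from typing import List, NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    interface: str   # an address, or a bare interface index such as "3"
    metric: int

# Connected-state table from the thread (French Windows XP locale, header kept).
SAMPLE_CONNECTED = """\
Destination réseau Masque réseau Adr. passerelle Adr. interface Métrique
0.0.0.0 0.0.0.0 10.20.209.168 10.20.209.168 1
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 31
10.20.209.0 255.255.255.0 10.20.209.168 10.20.209.168 30
10.20.209.168 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.20.209.168 10.20.209.168 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
140.80.199.20 255.255.255.255 192.168.1.1 192.168.1.102 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 30
192.168.1.0 255.255.255.0 10.20.209.168 10.20.209.168 1
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 30
224.0.0.0 240.0.0.0 10.20.209.168 10.20.209.168 1
255.255.255.255 255.255.255.255 10.20.209.168 3 1
255.255.255.255 255.255.255.255 10.20.209.168 10.20.209.168 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
"""

def _is_ipv4(token: str) -> bool:
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def parse_routes(text: str) -> List[Route]:
    """Keep only five-column rows whose first two fields are dotted quads."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (_is_ipv4(parts[0]) and _is_ipv4(parts[1])):
            continue  # header, separator or blank line
        network = ipaddress.IPv4Network((parts[0], parts[1]), strict=False)
        routes.append(Route(network, parts[2], parts[3], int(parts[4])))
    return routes

def default_gateways(routes: List[Route]) -> List[Route]:
    """All 0.0.0.0/0 entries, lowest metric (the one that wins) first."""
    return sorted((r for r in routes if r.network.prefixlen == 0),
                  key=lambda r: r.metric)

def select_route(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match; ties go to the lower metric."""
    dest = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dest in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))

if __name__ == "__main__":
    table = parse_routes(SAMPLE_CONNECTED)
    gws = default_gateways(table)
    if len(gws) > 1:
        print(f"warning: {len(gws)} default gateways; {gws[0].gateway} wins on metric")
    for target in ("10.1.60.12", "192.168.1.50", "140.80.199.20", "8.8.8.8"):
        r = select_route(table, target)
        print(f"{target:>15} -> via {r.gateway} on {r.interface} ({r.network}, metric {r.metric})")
```

Note that while the tunnel is up even the home LAN subnet (192.168.1.0/24) has a metric-1 route through 10.20.209.168, so only the concentrator address 140.80.199.20 still leaves through the physical gateway.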


#11
Kashink

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hello again,

I do not have a constant IP address, I've always assumed it was more secure to have one assigned each time by my router. Is that true or am I mistaken? I'm obviously not an IT person... :)

Also, I noticed that when I start my laptop, something new is happening. On a black screen, before Windows is launched, I get to choose between launching "regular" Windows or a Recovery Console. Is that normal? :)

Edited by Kashink, 03 February 2010 - 12:19 PM.

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,735 posts
  • MVP
The Restore Console option at reboot was added when you ran combofix. It's a safety feature.

Don't worry about the routing. That's just my own preferences. It appears that it should work OK and we will check that it does later. Go ahead with the tests I asked for. I think I know where the problem is and they will prove it.

Ron
  • 0

#13
Kashink

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Hi Ron,

I have a few questions.

ipconfig /all >> junk2.txt
IPCONFIG space / space >> space junk2.txt

nslookup someURLonYourNortelConnection >> junk2.txt
Do I actually enter someURL... or the address I normally enter in my browser, that is http://logiterm/index.php?

ipconfig /all >> junk.txt
Should it be: junk2.txt?
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,735 posts
  • MVP
Enter
nslookup http://logiterm/index.php?

and yes that should have been junk2.txt.
  • 0

#15
Kashink

Kashink

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Okay, I hope I did this right. Here is the file.

UTILISATION :
ipconfig [/? | /all | /renew [carte] | /release [carte] |
/flushdns | /displaydns | /registerdns |
/showclassid carte |
/setclassid carte [ID de classe] ]

où :
carte Nom de connexion
(caractères génériques * et ? autorisés, voir les exemples)

Options :
/? Affiche ce message d'aide.
/all Affiche toutes les informations de configuration.
/release Libère l'adresse IP pour la carte spécifiée.
/renew Renouvelle l'adresse IP pour la carte spécifiée.
/flushdns Vide le cache de la résolution DNS.
/registerdns Actualise tous les baux DHCP et réinscrit les noms DNS.
/displaydns Affiche le contenu du cache de la résolution DNS.
/showclassid Affiche tous les ID de classe DHCP autorisés pour la carte.
/setclassid Modifie l'ID de classe DHCP.

Par défaut, seuls l'adresse IP, le masque de sous-réseau et
la passerelle par défaut pour chaque carte liée à TCP/IP sont affichés.

Pour la libération et le renouvellement, si aucun nom de carte n'est spécifié,
les baux d'adresse IP pour toutes les cartes liées à TCP/IP seront
libérés ou renouvelés.

Pour SetClassID, si aucun ID de classe n'est spécifié, l'ID de classe
est supprimé.

Exemples :
> ipconfig ... Affiche les informations
> ipconfig /all ... Affiche les informations détaillées
> ipconfig /renew ... Renouvelle toutes les cartes
> ipconfig /renew EL* ... Renouvelle toute connexion dont le nom
commence par EL
> ipconfig /release *Local* ... Libère les connexions correspondantes,
par exemple "Connexion au réseau local 1" ou
"Connexion au réseau local 2"

Serveur : xxx-dc4.yyy.zzz.ca
Address: 10.1.60.12

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
  • 0