TR/Gendal.7680.G Infection



#1
Patricia7

Hello!

I scanned my system with Avira and it found TR/Gendal.7680.G. I moved it to quarantine. What can I do to know if my system is 100% clean now?

Here is the Avira report:


Avira AntiVir Personal
Date de création du fichier de rapport : jeudi 3 juin 2010 21:29

La recherche porte sur 2183664 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : LITTLEWEEDY

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen

Début de la recherche : jeudi 3 juin 2010 21:29

La recherche d'objets cachés commence.
'36885' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Ymsgr_tray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sgbhp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sgmain.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BTTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AcerVCM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oahlp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SbieCtrl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OpenDNSUpdater.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DevDetect.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oaui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RtkBtMnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxsrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'IAAnotif.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'YahooAUService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlwriter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlbrowser.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SbieSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RS_Service.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sqlservr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'McSACore.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAANTmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oasrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oacat.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'btwdins.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'55' processus ont été contrôlés avec '55' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '74' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <ACER>
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\Stuff\Photoshop 11\photoshop\400000600002i\AcroRd32Info.exe
[RESULTAT] Contient le cheval de Troie TR/Gendal.7680.G

Début de la désinfection :
C:\Stuff\Photoshop 11\photoshop\400000600002i\AcroRd32Info.exe
[RESULTAT] Contient le cheval de Troie TR/Gendal.7680.G
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4c7a17e7.qua' !


Fin de la recherche : jeudi 3 juin 2010 22:58
Temps nécessaire: 1:28:38 Heure(s)

La recherche a été effectuée intégralement

7112 Les répertoires ont été contrôlés
536223 Des fichiers ont été contrôlés
1 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
1 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
536220 Fichiers non infectés
8909 Les archives ont été contrôlées
2 Avertissements
3 Consignes
36885 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

#2
RKinner

Do as much of http://www.geekstogo...uide-t2852.html as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.



Ron

#3
Patricia7

GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-04 13:14:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Patricia\LOCALS~1\Temp\uglyqfow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xA1B753E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xA1B75C10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xA1B73300]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xA1B82DD0]
SSDT A24590CE ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xA1B72E40]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xA1B6FB80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xA1B6FF90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xA1B6F440]
SSDT A24590C4 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xA1B720F0]
SSDT A24590D3 ZwDeleteKey
SSDT A24590DD ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xA1B72C50]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xA1B74A00]
SSDT A24590E2 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xA1B83450]
SSDT A24590B0 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xA1B6F860]
SSDT A24590B5 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xA1B75860]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xA1B74F80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xA1B75DB0]
SSDT A24590EC ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestPort [0xA1B73F00]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xA1B74500]
SSDT A24590E7 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xA1B728A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xA1B736F0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xA1B71ED0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xA1B72290]
SSDT A24590D8 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xA1B748E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xA1B72A80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xA1B72690]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xA1B724A0]
SSDT A24590BF ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xA1B71CC0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xA1B74D10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xA1B75A30]

Code 82A6CC4C ZwTraceEvent
Code 82A6CC4B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [40, 2E, B7, A1, 80, FB, B6, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [80, 2A, B7, A1, 90, 26, B7, ...]
.text ntoskrnl.exe!NtTraceEvent 805499B8 5 Bytes JMP 82A6CC50
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E77A 5 Bytes JMP 82A6CA70
.text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP 82A6C6B0
.text win32k.sys!EngCreateClip + 19C1 BF91313E 5 Bytes JMP 82A6CB10
.text win32k.sys!EngCreateClip + 1F51 BF9136CE 5 Bytes JMP 82A6CBB0

---- User code sections - GMER 1.0.15 ----

.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[156] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[208] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Java\jre6\bin\jqs.exe[584] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\igfxtray.exe[596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\WINDOWS\system32\igfxtray.exe[596] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\igfxtray.exe[596] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxtray.exe[596] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\csrss.exe[604] KERNEL32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe[728] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] user32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] advapi32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] advapi32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Patricia\Bureau\gmer.exe[796] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\svchost.exe[868] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\System32\svchost.exe[956] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[980] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text ...
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F210F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1E0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F240F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F270F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[1356] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Sandboxie\SbieSvc.exe[1388] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\Explorer.EXE[1444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 026B0001
.text C:\WINDOWS\Explorer.EXE[1444] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1444] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1444] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\WINDOWS\Explorer.EXE[1444] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1444] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1444] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1444] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1444] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F210F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1E0F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F240F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F270F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\Patricia\LOCALS~1\Temp\RtkBtMnt.exe[1516] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1556] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\spoolsv.exe[1768] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text C:\Program Files\Bonjour\mDNSResponder.exe[1868] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\svchost.exe[1888] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71AF003D
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2064] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe[2160] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2204] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F210F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1E0F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F240F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F270F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Acer\Acer VCM\AcerVCM.exe[2232] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2376] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2396] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\svchost.exe[2416] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2436] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2560] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BA0001
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F210F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F1E0F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F240F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F270F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\PowerISO\PWRISOVM.EXE[2744] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\SpywareGuard\sgmain.exe[2804] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2876] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D80001
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe[2956] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01E00001
.text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\RTHDCPL.EXE[3092] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[3092] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3156] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\ctfmon.exe[3208] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[3208] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\WINDOWS\system32\hkcmd.exe[3404] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\hkcmd.exe[3404] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[3404] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\WINDOWS\system32\igfxpers.exe[3492] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\igfxpers.exe[3492] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxpers.exe[3492] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D80001
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!sendto 719F2F51 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!select 719F30A8 6 Bytes JMP 5F310F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!closesocket 719F3E2B 6 Bytes JMP 5F220F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!ioctlsocket 719F3F50 6 Bytes JMP 5F340F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!connect 719F4A07 6 Bytes JMP 5F250F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!send 719F4C27 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!WSARecv 719F4CB5 6 Bytes JMP 5F400F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!recv 719F676F 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!WSASend 719F68FA 6 Bytes JMP 5F430F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] WS2_32.dll!WSAAsyncSelect 71A00991 6 Bytes JMP 5F370F5A
.text C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe[3536] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BA0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3584] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3648] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\System32\alg.exe[3828] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3980] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] kernel32.dll!CloseHandle 7C809BE7 6 Bytes JMP 5F190F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 71B0003D
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F160F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] USER32.dll!ExitWindowsEx 7E3DA275 6 Bytes JMP 5F100F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] ADVAPI32.dll!CreateServiceA 77E07211 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] ADVAPI32.dll!CreateServiceW 77E073A9 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] WS2_32.dll!socket 719F4211 6 Bytes JMP 5F040F5A
.text C:\Program Files\SpywareGuard\sgbhp.exe[4040] IPHLPAPI.DLL!IcmpSendEcho2 76D1B73C 6 Bytes JMP 5F130F5A

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x46 0x0C 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x46 0x0C 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x46 0x0C 0x3E ...

---- EOF - GMER 1.0.15 ----


MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4103

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/06/2010 23:21:48
mbam-log-2010-06-03 (23-21-48).txt

Scan type: Quick scan
Objects scanned: 132960
Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4
Patricia7

    Member

  • Topic Starter
  • 35 posts
OTL logfile created on: 04/06/2010 14:26:53 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Patricia\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 014,00 Mb Total Physical Memory | 364,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143,04 Gb Total Space | 104,60 Gb Free Space | 73,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LITTLEWEEDY
Current User Name: Patricia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/04 13:24:19 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Mes documents\Téléchargements\OTL.exe
PRC - [2010/06/04 10:06:54 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Patricia\Local Settings\temp\RtkBtMnt.exe
PRC - [2010/05/17 22:53:17 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/05/17 22:53:17 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/04/20 04:22:56 | 003,075,576 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2010/04/20 04:22:54 | 006,788,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2010/04/20 04:22:54 | 003,506,680 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2010/04/20 04:22:54 | 001,284,600 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2010/04/17 12:56:08 | 000,394,984 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/04/17 12:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/04/01 20:01:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2009/11/16 21:58:38 | 000,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/09/15 15:07:10 | 000,602,960 | ---- | M] (ACD Systems International Inc.) -- C:\Program Files\Fichiers communs\ACD Systems\EN\DevDetect.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/10 20:24:38 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2008/11/27 12:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 14:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 16:55:30 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/06/04 13:24:19 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patricia\Mes documents\Téléchargements\OTL.exe
MOD - [2010/04/20 04:22:56 | 001,004,024 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/04/14 14:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 14:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 14:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/17 22:53:17 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/05/17 22:53:17 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/20 04:22:54 | 003,506,680 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/04/20 04:22:54 | 001,284,600 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/04/17 12:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/27 12:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/05/17 22:53:17 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/17 22:53:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/20 04:13:30 | 000,024,440 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/04/20 04:13:14 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/04/20 04:13:10 | 000,228,216 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/04/17 12:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/29 00:38:03 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/06 04:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/12/26 11:27:26 | 004,968,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/11/21 12:36:46 | 000,160,256 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/09/23 19:15:00 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/04/14 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/13 12:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2008/04/13 12:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 01:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/23 13:10:38 | 001,265,536 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/11/05 16:54:00 | 000,879,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/11/05 16:53:58 | 000,539,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/06/29 11:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 12:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...mp;m=aspire_one

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\..\URLSearchHook: {d0b1518e-3e45-4d16-a23b-4d90ef938e44} - C:\Program Files\Audacity-tools\tbAuda.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/01 21:55:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/17 17:53:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/24 18:05:26 | 000,000,000 | ---D | M]

[2010/05/17 17:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Extensions
[2010/06/03 23:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2rc9af2s.default\extensions
[2010/05/17 18:36:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2rc9af2s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/20 19:36:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2rc9af2s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/17 18:36:11 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2rc9af2s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/03 23:01:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/28 19:45:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/04/14 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Audacity-tools Toolbar) - {d0b1518e-3e45-4d16-a23b-4d90ef938e44} - C:\Program Files\Audacity-tools\tbAuda.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Audacity-tools Toolbar) - {D0B1518E-3E45-4D16-A23B-4D90EF938E44} - C:\Program Files\Audacity-tools\tbAuda.dll (Conduit Ltd.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.DLL ( )
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Patricia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/20 02:42:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9c8f07d0-db8b-11de-bc5a-00242be4d32a}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{a321c462-667c-11df-bdb7-00235a6597c2}\Shell - "" = AutoRun
O33 - MountPoints2\{a321c462-667c-11df-bdb7-00235a6597c2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/06/04 13:19:36 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/02 21:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\ProgrSys
[2010/06/02 19:54:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/01 22:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\GRETECH
[2010/06/01 21:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Nokia
[2010/06/01 21:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\PC Suite
[2010/06/01 21:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/06/01 21:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/06/01 21:52:44 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/06/01 21:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/06/01 08:53:27 | 000,091,136 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/06/01 08:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/06/01 07:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\AnyBizSoft_PDF_to_Word_Converter_3.0.0_Portable_by_LP
[2010/05/31 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Free PDF to Word Converter
[2010/05/31 19:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\SE
[2010/05/30 16:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/30 16:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/05/30 16:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\Algo
[2010/05/29 21:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/29 21:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Conduit
[2010/05/29 21:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Audacity-tools
[2010/05/29 21:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity-tools
[2010/05/29 21:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\MultimediaTools
[2010/05/24 19:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
[2010/05/23 17:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\UML
[2010/05/23 17:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\PPP
[2010/05/23 16:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\Sybase
[2010/05/23 16:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PowerAMC 15
[2010/05/23 16:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/23 13:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\WMTools Downloaded Files
[2010/05/23 13:41:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Mes vidéos
[2010/05/23 13:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Patricia\Mes documents\Mes vidéos
[2010/05/20 19:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/05/20 17:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\Stagii
[2010/05/18 19:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2010/05/17 22:43:24 | 000,000,000 | ---D | C] -- C:\Vista
[2010/05/17 22:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010/05/17 21:38:48 | 000,000,000 | ---D | C] -- C:\Temp
[2010/05/17 21:26:25 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/05/17 21:26:25 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/05/17 21:26:25 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/05/17 21:26:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/05/17 21:26:25 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/05/17 21:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/05/17 21:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/05/17 19:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\Security
[2010/05/17 19:08:52 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/05/17 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2010/05/17 18:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Mes documents\MSDN
[2010/05/17 18:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\OpenDNS Updater
[2010/05/17 18:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2010/05/17 18:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\McAfee
[2010/05/17 18:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/05/17 18:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\MailWasherFree
[2010/05/17 18:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\FireTrust
[2010/05/17 18:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\OnlineArmor
[2010/05/17 18:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/05/17 18:09:23 | 000,228,216 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/05/17 18:09:23 | 000,029,560 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/05/17 18:09:23 | 000,024,440 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/05/17 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2010/05/17 18:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/05/17 17:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/17 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/16 21:51:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/16 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java
[2010/05/16 21:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/16 21:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2010/05/16 20:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\.SunDownloadManager
[2010/05/16 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/16 11:57:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/15 21:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/05/15 17:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/15 17:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\Malwarebytes
[2010/05/15 17:22:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/15 17:22:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/15 17:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/15 17:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/15 16:37:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/15 16:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/15 01:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/14 21:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureau
[2010/05/14 20:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\imeshmediabartb
[2010/05/14 20:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Bureau\stufff
[2010/05/14 15:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/14 15:10:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/14 14:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/04 14:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/02 18:06:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/12 10:44:34 | 000,059,388 | ---- | C] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2010/04/05 15:08:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\SQL Developer
[2010/04/04 16:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Mes documents\DVDVideoSoft
[2010/04/04 16:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DVDVideoSoft
[2010/04/01 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/04/01 19:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/04/01 19:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/01 19:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/04/01 19:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/04/01 19:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/01 18:46:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Patricia\Mes documents\Mes sites Web
[2010/04/01 18:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Mes documents\Expression
[2010/04/01 17:27:33 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/04/01 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2010/03/22 12:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/03/21 14:54:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Patricia\Bureau\[Originals]
[2010/03/21 14:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\ACD Systems
[2010/03/21 14:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Application Data\ACD Systems
[2010/03/21 14:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ACD Systems
[2010/03/21 14:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patricia\Local Settings\Application Data\Downloaded Installations
[2009/04/15 13:22:16 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/04/15 13:22:13 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/01/20 11:27:19 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010/06/04 14:26:08 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Patricia\ntuser.dat
[2010/06/04 13:19:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/04 13:18:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 13:18:53 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 10:04:56 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Patricia\ntuser.ini
[2010/06/04 10:04:26 | 001,233,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/04 10:04:26 | 000,553,560 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/06/04 10:04:26 | 000,477,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/04 10:04:26 | 000,102,872 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/06/04 10:04:26 | 000,084,572 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/02 21:03:13 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Patricia\Application Data\winscp.rnd
[2010/06/01 23:00:47 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\GOM Player.lnk
[2010/06/01 22:54:02 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 07:30:55 | 004,670,275 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\cours.docx
[2010/05/31 22:08:42 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\Free PDF to Word Converterr.lnk
[2010/05/31 15:52:03 | 000,001,468 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\WinSCP.lnk
[2010/05/30 16:58:20 | 000,099,272 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/30 16:57:15 | 000,002,058 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro 3.lnk
[2010/05/29 21:14:43 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\Audacity.lnk
[2010/05/29 18:01:15 | 000,001,406 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/25 19:35:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/25 19:35:30 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 17:02:51 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\Microsoft PowerPoint Viewer .lnk
[2010/05/23 17:02:35 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\PowerAMC.lnk
[2010/05/20 21:03:00 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\OpenOffice.org 3.2.lnk
[2010/05/20 19:47:29 | 000,151,482 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\image1xxl.jpg
[2010/05/20 19:35:31 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Yahoo! Messenger.lnk
[2010/05/20 16:00:12 | 000,167,543 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\image4xxl2.jpg
[2010/05/20 15:57:59 | 000,156,559 | ---- | M] () -- C:\Documents and Settings\Patricia\Bureau\image4xxl.jpg
[2010/05/19 06:45:31 | 005,368,198 | -H-- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\IconCache.db
[2010/05/18 19:27:16 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
[2010/05/17 22:53:17 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/05/17 22:53:17 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/05/17 21:26:41 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/05/17 21:12:26 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/17 18:04:44 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk
[2010/05/17 17:53:48 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/05/16 12:01:29 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/15 16:55:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/15 16:37:54 | 000,000,286 | RHS- | M] () -- C:\boot.ini
[2010/05/14 21:06:38 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/14 13:55:00 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\housecall.guid.cache
[2010/05/11 22:54:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/20 04:13:30 | 000,024,440 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/04/20 04:13:14 | 000,029,560 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/04/20 04:13:10 | 000,228,216 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/04/12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2010/04/01 19:01:02 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini

========== Files Created - No Company Name ==========

[2010/06/04 10:11:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\gmer.exe
[2010/06/01 22:52:28 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\GOM Player.lnk
[2010/06/01 07:26:35 | 004,670,275 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\cours.docx
[2010/05/31 22:08:42 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\Free PDF to Word Converterr.lnk
[2010/05/31 15:52:03 | 000,001,468 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\WinSCP.lnk
[2010/05/30 16:57:15 | 000,002,058 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ACDSee Pro 3.lnk
[2010/05/29 21:14:43 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\Audacity.lnk
[2010/05/23 17:02:45 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\Microsoft PowerPoint Viewer .lnk
[2010/05/23 17:02:35 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\PowerAMC.lnk
[2010/05/20 21:03:00 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\OpenOffice.org 3.2.lnk
[2010/05/20 19:35:31 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Yahoo! Messenger.lnk
[2010/05/20 16:01:22 | 000,151,482 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\image1xxl.jpg
[2010/05/20 16:00:10 | 000,167,543 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\image4xxl2.jpg
[2010/05/20 15:57:58 | 000,156,559 | ---- | C] () -- C:\Documents and Settings\Patricia\Bureau\image4xxl.jpg
[2010/05/18 19:27:16 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
[2010/05/17 21:26:41 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2010/05/17 19:08:15 | 000,001,406 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/05/17 18:04:44 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\SpywareGuard.lnk
[2010/05/17 17:53:48 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Mozilla Firefox.lnk
[2010/05/16 19:11:57 | 1063,202,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/16 12:01:29 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Patricia\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/15 16:37:54 | 000,000,216 | ---- | C] () -- C:\Boot.bak
[2010/05/15 16:37:49 | 000,263,488 | ---- | C] () -- C:\cmldr
[2010/05/14 13:55:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Patricia\Local Settings\Application Data\housecall.guid.cache
[2010/04/01 21:34:01 | 000,826,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/19 14:00:49 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/01/19 13:30:28 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/01/19 13:30:28 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/01/19 13:30:28 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/10/28 14:29:40 | 000,000,940 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/04/15 13:22:16 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/04/15 13:22:16 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/04/15 13:22:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/01/20 04:28:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/20 03:36:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/01/20 02:45:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/01/20 02:39:57 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/11/01 16:53:34 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/11/01 16:43:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/17 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/05/30 16:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/04/15 13:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broadcom
[2009/11/28 11:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/11/28 11:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/05/17 21:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/06/01 21:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/23 16:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PowerAMC 15
[2010/05/17 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/18 16:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2010/02/04 09:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/21 14:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\ACD Systems
[2009/01/20 04:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Acer
[2010/05/14 20:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\eSobi
[2010/05/14 20:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\imeshmediabartb
[2010/05/17 19:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\MailWasherFree
[2010/06/01 21:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\Nokia
[2010/05/17 18:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OnlineArmor
[2010/05/17 18:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OpenDNS Updater
[2010/02/21 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\OpenOffice.org
[2010/06/01 21:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\PC Suite
[2010/04/09 06:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\SQL Developer
[2010/05/14 13:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Patricia\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/01/20 02:42:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/28 01:36:15 | 000,000,216 | ---- | M] () -- C:\Boot.bak
[2010/05/15 16:37:54 | 000,000,286 | RHS- | M] () -- C:\boot.ini
[2008/04/14 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2004/08/03 23:00:08 | 000,263,488 | ---- | M] () -- C:\cmldr
[2009/01/20 02:42:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/24 22:58:42 | 3054,065,664 | ---- | M] () -- C:\fr_windows_vista_with_service_pack_1_x86_dvd_x14-29610.iso
[2010/06/04 13:18:53 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 13:28:44 | 000,004,520 | ---- | M] () -- C:\INSTALL_Patricia_01000005.ERR
[2009/01/20 02:42:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/09 10:50:59 | 000,002,016 | ---- | M] () -- C:\MOD01SET0J00P2000G.enc
[2008/09/11 11:27:43 | 000,002,488 | ---- | M] () -- C:\MOD01WOS02FRP20001.enc
[2009/01/20 02:42:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 14:00:00 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010/06/04 13:18:51 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/01/20 03:33:55 | 000,001,701 | ---- | M] () -- C:\RHDSetup.log
[2009/04/15 13:25:10 | 000,000,215 | ---- | M] () -- C:\Setup.log
[2010/02/21 21:06:46 | 000,000,045 | ---- | M] () -- C:\TEST.XML

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 14:00:00 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/01/20 03:36:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/20 03:36:40 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/20 03:36:40 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 14:00:00 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=E853F84D3CE2FAA2A802E33CF89AC023 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=FB836F9E62D82904C983AD21296A5D9C -- C:\WINDOWS\system32\ws2_32.dll
< End of report >

#5
Patricia7 (Member, Topic Starter, 35 posts)

OTL Extras logfile created on: 04/06/2010 13:30:52 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Patricia\Mes documents\Téléchargements
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 014,00 Mb Total Physical Memory | 452,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143,04 Gb Total Space | 104,61 Gb Free Space | 73,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LITTLEWEEDY
Current User Name: Patricia
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Acer\Acer VCM\VC.exe" = C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement -- (Acer Incoporated)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1F24E48F-7692-4E89-8784-68DD4D2712A0}" = Microsoft SQL Server Native Client
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3F59A7E0-BC01-4435-9E93-C7D7015C21DA}" = Microsoft SQL Server 2005 Tools Express Edition
"{3F7924B9-D148-3141-87B1-68F36043A940}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA
"{480DBB60-F0B6-45F2-B26F-1A2E11197791}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{48B0BE4A-EDC9-44C4-A3DB-67D62D75961F}" = Sybase PowerAMC 15.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511DF669-2930-30C0-8EB6-552887E29EC8}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA
"{5903C48B-E953-47B8-A651-B9222C483057}" = Analyseur MSXML 6.0
"{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}" = Microsoft .NET Framework 3.5 Language Pack - fra
"{67D0313C-4F15-437D-9A2D-C1564088A26A}" = Windows Live Sync
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{97B3824E-B2D2-4C49-A860-BCA56F10B040}" = OpenOffice.org 3.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A30179B7-997A-4D47-AA43-57AE59A9C78B}" = Microsoft SQL Server VSS Writer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AD2741DA-FF11-4531-9148-B5D98E7812AF}" = Microsoft MSDN 2005 Express Edition - FRA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E5B72007-07C9-4E67-B29E-696073F45704}" = DropMyRights
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity-tools Toolbar" = Audacity-tools Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 1.5
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"JCreator LE_is1" = JCreator LE 3.50
"MailWasher Free_is1" = MailWasher Free 6.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - fra" = Module linguistique Microsoft .NET Framework 3.5 - fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - FRA" = Microsoft MSDN 2005 Express - FRA
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Multimedia Tools - Audacity" = Multimedia Tools - Audacity
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OnlineArmor_is1" = Online Armor 4.0
"OpenDNS Updater" = OpenDNS Updater 2.2
"PowerISO" = PowerISO
"Sandboxie" = Sandboxie 3.442
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = Archiveur WinRAR
"winscp3_is1" = WinSCP 4.2.7
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/05/2010 12:49:20 | Computer Name = LITTLEWEEDY | Source = ESENT | ID = 490
Description = svchost (956) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

[ Application Events ]
Error - 19/05/2010 12:49:20 | Computer Name = LITTLEWEEDY | Source = ESENT | ID = 490
Description = svchost (956) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020)
: "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un
autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur
-1032 (0xfffffbf8).

[ System Events ]
Error - 04/06/2010 04:34:29 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
AntiVirSchedulerService à une transaction.

Error - 04/06/2010 04:37:30 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
AntiVirSchedulerService à une transaction.

Error - 04/06/2010 04:39:30 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7011
Description = Délai (30000 millisecondes) d'attente pour une réponse du service
AntiVirSchedulerService à une transaction.

Error - 04/06/2010 05:03:11 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : BTHidMgr

Error - 04/06/2010 05:59:45 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : BTHidMgr

Error - 04/06/2010 07:19:28 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : BTHidMgr

Error - 04/06/2010 07:26:06 | Computer Name = LITTLEWEEDY | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 04/06/2010 07:26:06 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2

Error - 04/06/2010 07:31:28 | Computer Name = LITTLEWEEDY | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 04/06/2010 07:31:28 | Computer Name = LITTLEWEEDY | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%2


< End of report >

#6
RKinner (Malware Expert, MVP, 24,598 posts)

I don't see anything in your logs that looks bad except for a few odd event logs. We can run Combofix to make sure:

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus program at this time.

If you are feeling paranoid you can also run one or both of the following online scans. Be warned that the first one will take several hours to complete:
Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

Ron

#7
Patricia7 (Member, Topic Starter, 35 posts)

ComboFix 10-06-03.01 - Patricia 04/06/2010 19:17:58.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.492 [GMT 2:00]
Lancé depuis: c:\documents and settings\Patricia\Bureau\george.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((( Fichiers créés du 2010-05-04 au 2010-06-04 ))))))))))))))))))))))))))))))))))))
.

2010-06-01 20:54 . 2010-06-01 20:57 6814720 ----a-w- c:\documents and settings\Patricia\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-06-01 20:54 . 2007-03-22 10:46 126976 ----a-w- c:\documents and settings\Patricia\Application Data\GRETECH\GomPlayer\GrLauncher.exe
2010-06-01 20:52 . 2010-06-01 20:52 -------- d-----w- c:\documents and settings\Patricia\Application Data\GRETECH
2010-06-01 19:53 . 2010-06-01 19:53 -------- d-----w- c:\documents and settings\Patricia\Application Data\Nokia
2010-06-01 19:53 . 2010-06-01 19:53 -------- d-----w- c:\documents and settings\Patricia\Application Data\PC Suite
2010-06-01 19:53 . 2010-06-01 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-06-01 19:52 . 2010-06-01 19:52 -------- d-----w- c:\program files\DIFX
2010-06-01 19:52 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-01 19:52 . 2010-06-01 19:52 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-01 06:53 . 2009-10-06 09:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-06-01 06:53 . 2010-06-02 17:55 -------- d-----w- c:\program files\Nokia
2010-06-01 06:53 . 2009-11-28 09:48 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
2010-06-01 06:52 . 2010-06-01 06:52 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-06-01 06:52 . 2010-06-01 06:52 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-06-01 06:52 . 2010-06-01 06:52 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-06-01 06:52 . 2010-06-01 06:52 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-31 20:08 . 2010-05-31 20:08 -------- d-----w- c:\program files\Free PDF to Word Converter
2010-05-30 14:57 . 2010-05-30 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-05-30 14:56 . 2010-05-30 14:56 -------- d-----w- c:\program files\ACD Systems
2010-05-29 19:15 . 2010-05-29 19:15 -------- d-----w- c:\program files\Conduit
2010-05-29 19:15 . 2010-05-29 19:15 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\Conduit
2010-05-29 19:15 . 2010-06-04 17:12 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\Audacity-tools
2010-05-29 19:15 . 2010-05-29 19:15 -------- d-----w- c:\program files\Audacity-tools
2010-05-29 19:14 . 2010-05-29 19:14 -------- d-----w- c:\program files\MultimediaTools
2010-05-23 14:41 . 2010-05-23 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PowerAMC 15
2010-05-23 14:41 . 2010-05-23 14:41 -------- d-----w- c:\program files\Sybase
2010-05-23 14:33 . 2010-05-23 14:33 -------- d-----w- c:\program files\MSECache
2010-05-23 11:41 . 2010-05-23 11:41 -------- d-----w- c:\documents and settings\Patricia\Local Settings\Application Data\WMTools Downloaded Files
2010-05-22 16:19 . 2010-05-22 16:19 503808 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-196d65b4-n\msvcp71.dll
2010-05-22 16:19 . 2010-05-22 16:19 499712 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-196d65b4-n\jmc.dll
2010-05-22 16:19 . 2010-05-22 16:19 348160 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-196d65b4-n\msvcr71.dll
2010-05-22 16:19 . 2010-05-22 16:19 61440 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e73fbd6-n\decora-sse.dll
2010-05-22 16:19 . 2010-05-22 16:19 12800 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e73fbd6-n\decora-d3d.dll
2010-05-20 19:03 . 2010-05-20 19:03 7424000 ----a-r- c:\documents and settings\Patricia\Application Data\Microsoft\Installer\{97B3824E-B2D2-4C49-A860-BCA56F10B040}\soffice.exe
2010-05-20 17:36 . 2010-05-27 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-20 17:35 . 2010-05-11 10:49 607544 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-05-18 17:27 . 2007-11-05 14:54 879528 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-05-18 17:27 . 2007-06-29 09:38 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-05-18 17:27 . 2007-03-31 10:02 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-05-18 17:27 . 2007-03-23 07:50 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-18 17:27 . 2007-11-05 14:53 539576 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-05-18 17:27 . 2010-05-18 17:27 -------- d-----w- c:\program files\WIDCOMM
2010-05-17 20:43 . 2010-05-17 20:43 -------- d-----w- C:\Vista
2010-05-17 20:38 . 2010-05-17 20:38 -------- d-----w- c:\program files\PowerISO
2010-05-17 20:27 . 2010-05-17 20:27 -------- d-----w- c:\temp\Windows Vista (x86) - DVD (French)
2010-05-17 19:38 . 2010-05-17 20:33 -------- d-----w- C:\Temp
2010-05-17 19:26 . 2010-05-17 20:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-17 19:26 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-17 19:26 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-17 19:26 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-17 19:26 . 2010-05-17 19:26 -------- d-----w- c:\program files\Avira
2010-05-17 19:26 . 2010-05-17 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-17 17:08 . 2010-05-17 17:08 -------- d-----r- C:\Sandbox
2010-05-17 17:07 . 2010-05-17 17:07 -------- d-----w- c:\program files\Sandboxie
2010-05-17 16:50 . 2010-05-17 16:50 -------- d-----w- c:\documents and settings\Patricia\Application Data\OpenDNS Updater
2010-05-17 16:50 . 2010-05-17 16:50 -------- d-----w- c:\program files\OpenDNS Updater
2010-05-17 16:38 . 2010-05-17 16:38 -------- d-----w- c:\program files\Fichiers communs\McAfee
2010-05-17 16:38 . 2010-05-29 18:06 -------- d-----w- c:\program files\McAfee
2010-05-17 16:13 . 2010-05-17 17:20 -------- d-----w- c:\documents and settings\Patricia\Application Data\MailWasherFree
2010-05-17 16:13 . 2010-05-17 16:13 -------- d-----w- c:\program files\FireTrust
2010-05-17 16:09 . 2010-05-17 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-05-17 16:09 . 2010-05-17 16:09 -------- d-----w- c:\documents and settings\Patricia\Application Data\OnlineArmor
2010-05-17 16:09 . 2010-04-20 02:13 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-05-17 16:09 . 2010-04-20 02:13 29560 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-05-17 16:09 . 2010-04-20 02:13 228216 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-05-17 16:09 . 2010-05-17 16:09 -------- d-----w- c:\program files\Tall Emu
2010-05-17 16:04 . 2010-05-17 16:38 -------- d-----w- c:\program files\SpywareGuard
2010-05-17 15:59 . 2010-05-17 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-17 15:58 . 2010-05-17 16:02 -------- d-----w- c:\program files\SpywareBlaster
2010-05-16 19:42 . 2010-05-16 19:42 -------- d-----w- c:\program files\Fichiers communs\Java
2010-05-16 19:42 . 2010-05-16 19:42 503808 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d12359d-n\msvcp71.dll
2010-05-16 19:42 . 2010-05-16 19:42 499712 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d12359d-n\jmc.dll
2010-05-16 19:42 . 2010-05-16 19:42 348160 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6d12359d-n\msvcr71.dll
2010-05-16 19:42 . 2010-05-16 19:42 61440 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6762b3fe-n\decora-sse.dll
2010-05-16 19:42 . 2010-05-16 19:42 12800 ----a-w- c:\documents and settings\Patricia\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6762b3fe-n\decora-d3d.dll
2010-05-16 19:42 . 2010-05-16 19:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-16 19:42 . 2010-05-16 19:42 -------- d-----w- c:\program files\Java
2010-05-16 19:24 . 2010-05-16 19:24 -------- d-----w- c:\program files\ACW
2010-05-16 18:54 . 2010-05-16 19:06 -------- d-----w- c:\documents and settings\Patricia\.SunDownloadManager
2010-05-16 10:01 . 2010-05-16 10:01 -------- d-----w- c:\program files\ERUNT
2010-05-15 19:25 . 2010-05-16 19:54 -------- d-----w- c:\windows\BDOSCAN8
2010-05-15 15:37 . 2010-05-15 15:37 -------- d-----w- c:\program files\ESET
2010-05-15 15:22 . 2010-05-15 15:22 -------- d-----w- c:\documents and settings\Patricia\Application Data\Malwarebytes
2010-05-15 15:22 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-15 15:22 . 2010-05-15 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-15 15:22 . 2010-05-15 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-15 15:22 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 19:15 . 2010-06-02 17:55 -------- d-----w- c:\documents and settings\All Users\Bureau
2010-05-14 18:53 . 2010-05-14 18:56 -------- d-----w- c:\documents and settings\Patricia\Application Data\imeshmediabartb
2010-05-14 12:24 . 2010-05-14 12:24 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 08:04 . 2009-01-20 09:27 553560 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-04 08:04 . 2009-01-20 09:27 102872 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-03 05:28 . 2010-02-21 19:16 1 ----a-w- c:\documents and settings\Patricia\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-01 20:50 . 2009-11-28 10:36 -------- d-----w- c:\program files\GRETECH
2010-05-31 16:19 . 2010-02-19 11:55 -------- d-----w- c:\program files\WinSCP
2010-05-30 14:58 . 2009-11-27 23:36 99272 ----a-w- c:\documents and settings\Patricia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-30 14:57 . 2010-03-21 12:24 -------- d-----w- c:\program files\Fichiers communs\ACD Systems
2010-05-24 17:12 . 2009-01-20 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-23 14:42 . 2009-01-20 01:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-20 19:01 . 2010-02-19 12:02 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-20 17:36 . 2009-11-28 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-20 17:36 . 2009-11-28 09:16 -------- d-----w- c:\program files\Yahoo!
2010-05-17 17:01 . 2009-11-29 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2010-05-17 16:38 . 2009-01-20 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-14 19:28 . 2010-02-12 21:46 -------- d-----w- c:\program files\iMesh Applications
2010-05-14 19:24 . 2010-04-01 19:34 826440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-14 19:19 . 2010-02-18 16:14 -------- d-----w- c:\program files\Winamp
2010-05-14 19:17 . 2010-05-02 16:06 -------- d-----w- c:\program files\QuickTime
2010-05-14 19:16 . 2010-02-04 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-14 19:08 . 2009-01-20 01:42 -------- d-----w- c:\program files\Microsoft Works
2010-05-14 19:00 . 2009-11-28 18:07 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-14 18:52 . 2010-04-01 15:25 -------- d-----w- c:\program files\Microsoft Expression
2010-05-14 18:26 . 2010-02-04 07:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-05-14 18:22 . 2010-04-04 14:47 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft
2010-05-14 18:20 . 2009-01-20 02:11 -------- d-----w- c:\program files\eSobi
2010-05-14 18:20 . 2009-11-28 09:20 -------- d-----w- c:\documents and settings\Patricia\Application Data\eSobi
2010-05-14 11:47 . 2010-01-18 20:20 -------- d-----r- c:\program files\Skype
2010-05-14 11:47 . 2010-01-18 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-14 11:45 . 2009-11-28 09:31 -------- d-----w- c:\documents and settings\Patricia\Application Data\uTorrent
2010-05-14 11:42 . 2010-01-18 20:21 -------- d-----w- c:\documents and settings\Patricia\Application Data\Skype
2010-05-14 08:16 . 2010-01-18 20:24 -------- d-----w- c:\documents and settings\Patricia\Application Data\skypePM
2010-05-02 14:22 . 2009-01-20 01:47 -------- d-----w- c:\program files\Google
2010-04-12 08:44 . 2010-04-12 08:44 59388 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-09 04:46 . 2010-04-05 13:08 -------- d-----w- c:\documents and settings\Patricia\Application Data\SQL Developer
2010-04-09 04:46 . 2010-04-05 13:08 1561 ----a-w- c:\documents and settings\Patricia\Application Data\SQL Developer\system2.1.1.64.45\o.sqldeveloper.11.1.1.64.45\System.sys
2010-03-11 12:34 . 2009-01-20 09:27 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:34 . 2009-01-20 09:27 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:34 . 2009-01-20 09:27 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:10 . 2009-01-20 09:27 430080 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d0b1518e-3e45-4d16-a23b-4d90ef938e44}"= "c:\program files\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]

[HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-01-16 06:59 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d0b1518e-3e45-4d16-a23b-4d90ef938e44}"= "c:\program files\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]

[HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D0B1518E-3E45-4D16-A23B-4D90EF938E44}"= "c:\program files\Audacity-tools\tbAuda.dll" [2010-05-20 2675296]

[HKEY_CLASSES_ROOT\clsid\{d0b1518e-3e45-4d16-a23b-4d90ef938e44}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2009-11-16 839168]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-05-11 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6788600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Patricia\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-20 565248]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-11-1 576104]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17/05/2010 18:09 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17/05/2010 18:09 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17/05/2010 18:09 29560]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [17/05/2010 21:26 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [17/05/2010 18:38 93320]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [17/05/2010 18:09 1284600]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [20/01/2009 04:12 237568]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [17/05/2010 18:09 3506680]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/01/2010 17:51 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [20/01/2009 03:35 160256]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/11/2009 00:38 721904]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.imesh.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xph&d=1109&m=aspire_one
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Envoyer à Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {780776A8-4132-4579-9682-9F2E760E6C14} = 208.67.222.222,208.67.220.220
TCP: {C13CCC36-D64D-4FDC-ADC2-21CC1D8C4F2E} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Patricia\Application Data\Mozilla\Firefox\Profiles\2rc9af2s.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Patricia\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 19:26
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2368)
c:\progra~1\FICHIE~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2010-06-04 19:31:06
ComboFix-quarantined-files.txt 2010-06-04 17:31

Avant-CF: 112 197 140 480 octets libres
Après-CF: 112 156 147 712 octets libres

- - End Of File - - B47409980608BB292CA6F313193DCE3E

#8
RKinner

    Malware Expert
Looks clean to me. I think Avira did its job correctly.

Make sure you can get Windows updates.

I see you have had uTorrent at one time. P2P programs like uTorrent and LimeWire are good sources of infected files so should be avoided. If you must use P2P, make sure you submit all files to http://virustotal.com before opening them.

You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and close My Computer.

Make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.


Ron

#9
Patricia7

    Member

  • Topic Starter
Thank you very much for all your useful advice. I have installed all the programs you recommended. I hope that my system will be protected against all the infections.

Thank you again! You all do great work by helping people on this website.

Patricia