
Virus Win32:OnLineGames-FVB

A computer that slows down, advertising screens that pop up, applications that refuse to start, or a browser that insists on opening a dubious page are all signs that the integrity of your computer is threatened by a virus. In this forum you will find some advice and software for browsing with peace of mind.
Forum rules
To post a scan report or an infection report (HijackThis, OTL, AdwCleaner, etc.), please use the forum's internal file-attachment system. Only .txt and .log files smaller than 1 MB are accepted. For help attaching your files, please see this tutorial.

Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:09

Hello
Avast is detecting a virus on my machine... Can you help me?

THANK YOU

Marlene
mbouchet
Apprentice
 
Posts: 33
Joined: 13 Oct 2010 18:02
 


Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:12

hello,

Please give the name of the file and its location...

then...

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is ticked.

* Tick the boxes in front of "All users", "LOP search" and "Purity search".

* Copy and paste the contents of this quote into the lower part of OTL, "customization":


%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
winlogon.exe
ctfmon.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Click the "Scan" icon (top left).
* Let the scan run to completion without using the PC.
* At the end of the scan, two reports will open: "OTL.Txt" and/or "Extras.Txt" (minimized in the taskbar).
* Please copy and paste the reports into your reply...
* Just in case, you can find them in the C:\OTL folder or on your desktop.
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:21

Thanks...

Avast tells me:
Objet: C:\et3types.exe
Infection: Win32:OnLineGames-FVB[Cryp]
Action: Supprimé
Processus: C:\WINDOWS\Explorer.exe

I'm launching OTL
mbouchet
Apprentice
 
Posts: 33
Joined: 13 Oct 2010 18:02
 

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:50

This seems very long to me... is that normal?
mbouchet
Apprentice
 
Posts: 33
Joined: 13 Oct 2010 18:02
 

Re: Virus Win32:OnLineGames-FVB

Posted 23 Nov 2010 20:58

The OTL.txt file
Code:
OTL logfile created on: 23/11/2010 20:24:37 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Marlène\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
502,00 Mb Total Physical Memory | 184,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51,39 Gb Total Space | 10,86 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Marlène\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Marlène\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (fbxusb) -- C:\WINDOWS\system32\drivers\fbxusb.sys (FreeBox SA)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 18:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 19:03:41 | 000,000,000 | ---D | M]
 
[2008/09/06 09:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Extensions
[2010/11/23 20:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions
[2010/05/06 18:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/06 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\FFClickOnce@softwarepunk.com
[2010/11/23 20:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 17:19:16 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/28 17:19:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/28 17:19:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/11 11:35:00 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/28 17:19:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/28 17:19:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/10/13 20:28:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ShowLOMControl]  File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ddesmgr: DllName - ddesmgr.dll -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {BD804BDD-9A9E-45F5-B9CD-99832A48603C} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/23 20:26:52 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = et3ypes.exe
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\open\Command - "" = et3ypes.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
MsConfig - StartUpReg: [b]DMXLauncher[/b] - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]LifeCam[/b] - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]ModemOnHold[/b] - hkey= - key= - C:\Program Files\NetWaiting\netWaiting.exe File not found
MsConfig - StartUpReg: [b]MSKDetectorExe[/b] - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe File not found
MsConfig - StartUpReg: [b]RealTray[/b] - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: WriteRegStr -
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/23 20:18:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marlène\Bureau\OTL.exe
[2010/11/18 07:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Local Settings\Application Data\Temp
[2010/11/17 16:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Mes documents\Mes documents Delivery
[2010/11/17 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\Delivery
[2010/11/17 16:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\_dlytmp
[2010/11/17 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Local Settings\Application Data\Google
[2010/11/17 14:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/17 14:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/11/17 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/11/17 14:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/17 14:38:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/17 14:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/06 10:50:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marlène\Recent
[2010/11/06 10:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/03 11:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Local Settings\Application Data\PCHealth
[2010/10/28 10:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1
[2010/10/28 10:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hatier
[2010/10/28 10:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2010/10/27 13:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Bureau\Partitions_sopranes
[2006/04/16 15:22:52 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/04/16 15:22:52 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/04/16 15:22:52 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/04/16 15:22:52 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/04/16 15:22:52 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/04/16 15:22:50 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/04/16 15:22:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/04/16 15:22:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/04/16 15:22:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/23 20:33:07 | 000,000,061 | RHS- | M] () -- C:\autorun.inf
[2010/11/23 20:18:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlène\Bureau\OTL.exe
[2010/11/23 19:55:01 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 19:34:19 | 000,516,836 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/23 19:34:19 | 000,447,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/23 19:34:19 | 000,087,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/23 19:34:19 | 000,073,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/23 19:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/23 19:29:14 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 19:29:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job
[2010/11/23 19:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 19:28:39 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 20:30:36 | 000,949,039 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0002.jpg
[2010/11/21 20:30:35 | 001,129,128 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0001.jpg
[2010/11/21 20:23:50 | 000,664,084 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0005.jpg
[2010/11/21 20:23:49 | 001,063,789 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0004.jpg
[2010/11/21 20:23:48 | 000,840,269 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0003.jpg
[2010/11/21 20:23:47 | 000,602,559 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0002.jpg
[2010/11/21 20:23:46 | 001,085,149 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0001.jpg
[2010/11/18 19:03:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/17 19:30:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job
[2010/11/17 17:14:06 | 000,000,083 | ---- | M] () -- C:\WINDOWS\DeliveryReader.INI
[2010/11/17 16:55:22 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Delivery Reader.lnk
[2010/11/17 16:54:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Delivery Reader.lnk
[2010/11/17 14:44:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/11/17 14:39:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/11/17 14:39:04 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/14 22:09:28 | 000,022,003 | ---- | M] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoire.xlsx
[2010/11/11 19:54:26 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/10 13:28:51 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoir...xls
[2010/11/06 10:58:39 | 000,768,824 | ---- | M] () -- C:\Documents and Settings\Marlène\Mes documents\cc_20101106_105738.reg
[2010/11/06 10:49:45 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/06 10:36:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/10/28 10:31:18 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MI_HATIER_LETO.lnk
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/11/21 20:30:35 | 001,129,128 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0001.jpg
[2010/11/21 20:30:35 | 000,949,039 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0002.jpg
[2010/11/21 20:23:49 | 000,664,084 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0005.jpg
[2010/11/21 20:23:48 | 001,063,789 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0004.jpg
[2010/11/21 20:23:47 | 000,840,269 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0003.jpg
[2010/11/21 20:23:46 | 000,602,559 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0002.jpg
[2010/11/21 20:23:43 | 001,085,149 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0001.jpg
[2010/11/18 19:03:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/17 20:00:14 | 000,000,061 | RHS- | C] () -- C:\autorun.inf
[2010/11/17 17:14:06 | 000,000,083 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2010/11/17 16:55:22 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Delivery Reader.lnk
[2010/11/17 16:54:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Delivery Reader.lnk
[2010/11/17 14:44:41 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/11/17 14:40:35 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/17 14:40:34 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/17 14:39:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/11/10 13:59:00 | 000,022,003 | ---- | C] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoire.xlsx
[2010/11/10 13:28:47 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoir...xls
[2010/11/06 10:57:44 | 000,768,824 | ---- | C] () -- C:\Documents and Settings\Marlène\Mes documents\cc_20101106_105738.reg
[2010/11/06 10:36:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/10/28 10:31:17 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MI_HATIER_LETO.lnk
[2009/11/12 15:56:07 | 001,826,816 | ---- | C] () -- C:\WINDOWS\System32\geoplan.dll
[2008/04/07 11:57:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/02/17 17:29:52 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/03 13:23:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/30 22:01:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2006/11/30 22:01:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2006/11/30 22:01:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\idiom010227.dll
[2006/11/30 22:01:32 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2006/11/30 22:01:32 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2006/11/30 22:01:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
[2006/10/06 19:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/07/27 23:15:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/13 23:08:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9EBD1C6461.sys
[2006/05/01 20:18:58 | 000,002,409 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/05/01 14:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/01 09:59:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/30 22:07:41 | 000,007,570 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/30 22:07:41 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\61641CBD9E.sys
[2006/04/30 22:03:35 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/30 21:36:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\fusioncache.dat
[2006/04/16 16:00:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/16 15:53:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/16 15:46:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/16 15:22:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/04/16 15:22:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/04/16 15:22:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/04/16 15:22:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/04/16 15:22:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/04/16 15:22:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/04/16 15:22:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/04/16 15:22:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/04/16 15:22:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/04/16 15:22:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/04/16 15:22:06 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/16 15:22:02 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/15 17:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/20 10:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/20 10:30:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/01/01 14:31:07 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mapcar.dll
 
========== LOP Check ==========
 
[2010/11/17 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/26 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2008/05/29 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent
[2010/04/25 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon
[2010/11/17 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Delivery
[2006/05/02 16:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech
[2010/10/28 10:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1
[2006/12/04 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford
[2007/07/31 23:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent
[2010/11/17 16:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\_dlytmp
[2006/05/01 22:30:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010/10/28 10:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/17 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/07/27 23:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/11/03 11:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/09/03 13:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2006/04/16 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/04/16 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/08/26 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/10/13 21:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/04/16 15:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/07/07 15:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2006/06/16 22:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/09/16 18:16:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/11/10 14:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/08/24 08:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/03/31 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2006/06/27 05:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/26 07:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2004/08/20 10:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/09/27 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/30 18:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2006/07/06 02:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/06/28 00:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/12 08:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2007/04/13 21:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/10/28 10:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Adobe
[2008/06/04 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\AdobeUM
[2007/07/21 10:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Apple Computer
[2008/05/29 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent
[2010/04/25 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon
[2006/04/16 15:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Corel
[2006/04/30 22:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Corel Photo Album
[2006/05/15 03:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\CyberLink
[2010/11/17 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Delivery
[2010/01/21 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\dvdcss
[2006/05/01 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Help
[2004/08/20 10:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Identities
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\InstallShield
[2006/04/16 15:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Intel
[2009/05/08 19:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Lavasoft
[2006/05/02 16:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech
[2006/05/01 10:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Macromedia
[2010/10/13 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Malwarebytes
[2006/06/09 22:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\McAfee.com Personal Firewall
[2010/10/28 10:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1
[2010/02/26 14:35:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marlène\Application Data\Microsoft
[2008/09/06 09:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla
[2006/12/04 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford
[2010/11/03 10:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Real
[2010/10/04 20:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Skype
[2010/10/04 19:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\skypePM
[2006/08/04 16:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Sonic
[2006/04/16 15:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Sun
[2006/05/01 10:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Symantec
[2007/07/31 23:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent
[2008/09/06 14:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\vlc
[2007/07/30 13:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\WinRAR
[2006/11/14 22:34:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Marlène\Application Data\yahoo!
[2006/04/16 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\You've Got Pictures Screensaver
[2008/04/27 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\ZoomBrowser EX
[2010/11/17 16:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\_dlytmp
 
< %APPDATA%\*.exe /s >
[2010/11/17 16:53:26 | 000,659,592 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\_dlytmp\1290009194\_launcher_DeliveryAutoInstall.exe
[2007/01/20 15:02:50 | 023,489,040 | ---- | M] (                            ) -- C:\Documents and Settings\Marlène\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
[2008/06/04 18:05:46 | 022,023,120 | ---- | M] (                                   ) -- C:\Documents and Settings\Marlène\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
[2010/11/17 16:53:37 | 001,015,944 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryManager.EXE
[2010/11/17 16:53:40 | 002,113,672 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryReader.exe
[2010/11/17 16:55:20 | 000,118,912 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryRegisterExtension.exe
[2010/11/17 16:55:21 | 000,061,568 | ---- | M] ( ) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryStart.exe
[2010/11/17 16:55:22 | 000,114,816 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliverySwitcher.exe
[2010/11/17 16:53:43 | 000,104,320 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryWebAccess.exe
[2010/11/17 16:53:37 | 001,015,944 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\NewDeliveryManager.exe
[2010/11/17 16:54:13 | 000,085,864 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\uninst.exe
[2010/10/28 10:27:21 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Marlène\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007/09/03 13:35:32 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Marlène\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
 
< MD5 for: CDROM.SYS  >
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/05 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys
[2004/08/05 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
< MD5 for: CHANGER.SYS  >
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
< MD5 for: CTFMON.EXE  >
[2004/08/05 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\i386\ctfmon.exe
[2004/08/05 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 03:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 03:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/05 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll
[2004/08/05 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/05 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll
[2004/08/05 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2004/08/05 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\i386\rasacd.sys
[2004/08/05 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2005/06/10 05:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\i386\rdpwd.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2004/08/05 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\i386\sfloppy.sys
[2004/08/05 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\i386\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys
[2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\i386\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2006/04/20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006/01/13 03:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/05 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\i386\tcpip.sys
[2004/08/05 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\i386\tdpipe.sys
[2004/08/05 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/05 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\i386\tdtcp.sys
[2004/08/05 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\i386\userinit.exe
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\i386\winlogon.exe
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >

The extras.txt file
OTL logfile created on: 23/11/2010 20:24:37 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Marlène\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
502,00 Mb Total Physical Memory | 184,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51,39 Gb Total Space | 10,86 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Marlène\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Marlène\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\hccutils.dll (Intel Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (fbxusb) -- C:\WINDOWS\system32\drivers\fbxusb.sys (FreeBox SA)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.fr/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/11 18:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 19:03:41 | 000,000,000 | ---D | M]
 
[2008/09/06 09:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Extensions
[2010/11/23 20:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions
[2010/05/06 18:51:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/06 13:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla\Firefox\Profiles\6cs31fyo.default\extensions\FFClickOnce@softwarepunk.com
[2010/11/23 20:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 17:19:16 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/28 17:19:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/28 17:19:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/08/11 11:35:00 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/07/28 17:19:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/28 17:19:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2010/10/13 20:28:04 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ShowLOMControl]  File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_1_0_1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ddesmgr: DllName - ddesmgr.dll -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marlène\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {BD804BDD-9A9E-45F5-B9CD-99832A48603C} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/23 20:26:52 | 000,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = et3ypes.exe
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\open\Command - "" = et3ypes.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
MsConfig - StartUpReg: [b]DMXLauncher[/b] - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: [b]GrooveMonitor[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]LifeCam[/b] - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: [b]ModemOnHold[/b] - hkey= - key= - C:\Program Files\NetWaiting\netWaiting.exe File not found
MsConfig - StartUpReg: [b]MSKDetectorExe[/b] - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe File not found
MsConfig - StartUpReg: [b]RealTray[/b] - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: WriteRegStr -
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/11/23 20:18:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marlène\Bureau\OTL.exe
[2010/11/18 07:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Local Settings\Application Data\Temp
[2010/11/17 16:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Mes documents\Mes documents Delivery
[2010/11/17 16:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\Delivery
[2010/11/17 16:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\_dlytmp
[2010/11/17 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Local Settings\Application Data\Google
[2010/11/17 14:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/17 14:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/11/17 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/11/17 14:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/17 14:38:12 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/17 14:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/06 10:50:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marlène\Recent
[2010/11/06 10:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/03 11:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Local Settings\Application Data\PCHealth
[2010/10/28 10:31:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1
[2010/10/28 10:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hatier
[2010/10/28 10:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe AIR
[2010/10/27 13:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marlène\Bureau\Partitions_sopranes
[2006/04/16 15:22:52 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/04/16 15:22:52 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/04/16 15:22:52 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/04/16 15:22:52 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/04/16 15:22:52 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/04/16 15:22:50 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/04/16 15:22:50 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/04/16 15:22:50 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/04/16 15:22:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/11/23 20:33:07 | 000,000,061 | RHS- | M] () -- C:\autorun.inf
[2010/11/23 20:18:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marlène\Bureau\OTL.exe
[2010/11/23 19:55:01 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/23 19:34:19 | 000,516,836 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/11/23 19:34:19 | 000,447,046 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/23 19:34:19 | 000,087,582 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/11/23 19:34:19 | 000,073,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/23 19:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/23 19:29:14 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/23 19:29:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job
[2010/11/23 19:28:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/23 19:28:39 | 526,843,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 20:30:36 | 000,949,039 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0002.jpg
[2010/11/21 20:30:35 | 001,129,128 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0001.jpg
[2010/11/21 20:23:50 | 000,664,084 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0005.jpg
[2010/11/21 20:23:49 | 001,063,789 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0004.jpg
[2010/11/21 20:23:48 | 000,840,269 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0003.jpg
[2010/11/21 20:23:47 | 000,602,559 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0002.jpg
[2010/11/21 20:23:46 | 001,085,149 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0001.jpg
[2010/11/18 19:03:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/17 19:30:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2035062039-3169207473-3815781202-1006.job
[2010/11/17 17:14:06 | 000,000,083 | ---- | M] () -- C:\WINDOWS\DeliveryReader.INI
[2010/11/17 16:55:22 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Delivery Reader.lnk
[2010/11/17 16:54:20 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Marlène\Bureau\Delivery Reader.lnk
[2010/11/17 14:44:41 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/11/17 14:39:15 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/11/17 14:39:04 | 000,003,121 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/14 22:09:28 | 000,022,003 | ---- | M] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoire.xlsx
[2010/11/11 19:54:26 | 000,202,752 | ---- | M] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/10 13:28:51 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoir...xls
[2010/11/06 10:58:39 | 000,768,824 | ---- | M] () -- C:\Documents and Settings\Marlène\Mes documents\cc_20101106_105738.reg
[2010/11/06 10:49:45 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/06 10:36:12 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/10/28 10:31:18 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\MI_HATIER_LETO.lnk
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/11/21 20:30:35 | 001,129,128 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0001.jpg
[2010/11/21 20:30:35 | 000,949,039 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\remboursement allianz0002.jpg
[2010/11/21 20:23:49 | 000,664,084 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0005.jpg
[2010/11/21 20:23:48 | 001,063,789 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0004.jpg
[2010/11/21 20:23:47 | 000,840,269 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0003.jpg
[2010/11/21 20:23:46 | 000,602,559 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0002.jpg
[2010/11/21 20:23:43 | 001,085,149 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Enéagramme0001.jpg
[2010/11/18 19:03:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/11/17 20:00:14 | 000,000,061 | RHS- | C] () -- C:\autorun.inf
[2010/11/17 17:14:06 | 000,000,083 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2010/11/17 16:55:22 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Delivery Reader.lnk
[2010/11/17 16:54:20 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Marlène\Bureau\Delivery Reader.lnk
[2010/11/17 14:44:41 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2010/11/17 14:40:35 | 000,001,056 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/17 14:40:34 | 000,001,052 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/17 14:39:15 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
[2010/11/10 13:59:00 | 000,022,003 | ---- | C] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoire.xlsx
[2010/11/10 13:28:47 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Marlène\Mes documents\Répertoir...xls
[2010/11/06 10:57:44 | 000,768,824 | ---- | C] () -- C:\Documents and Settings\Marlène\Mes documents\cc_20101106_105738.reg
[2010/11/06 10:36:12 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk
[2010/10/28 10:31:17 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\MI_HATIER_LETO.lnk
[2009/11/12 15:56:07 | 001,826,816 | ---- | C] () -- C:\WINDOWS\System32\geoplan.dll
[2008/04/07 11:57:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/02/17 17:29:52 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/09/03 13:23:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/11/30 22:01:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TEXTware.ini
[2006/11/30 22:01:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\Twavbx32.dll
[2006/11/30 22:01:33 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\idiom010227.dll
[2006/11/30 22:01:32 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2006/11/30 22:01:32 | 000,113,288 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[2006/11/30 22:01:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ILXTBS.DLL
[2006/10/06 19:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/07/27 23:15:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/13 23:08:05 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9EBD1C6461.sys
[2006/05/01 20:18:58 | 000,002,409 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2006/05/01 14:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/05/01 09:59:07 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/30 22:07:41 | 000,007,570 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/30 22:07:41 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\61641CBD9E.sys
[2006/04/30 22:03:35 | 000,202,752 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/30 21:36:27 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Marlène\Local Settings\Application Data\fusioncache.dat
[2006/04/16 16:00:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/16 15:53:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/16 15:46:30 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/16 15:22:52 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/04/16 15:22:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/04/16 15:22:52 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/04/16 15:22:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/04/16 15:22:52 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/04/16 15:22:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/04/16 15:22:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/04/16 15:22:50 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/04/16 15:22:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/04/16 15:22:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/04/16 15:22:06 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/16 15:22:02 | 000,000,536 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/10/15 17:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/20 10:45:35 | 000,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/20 10:30:35 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/01/01 14:31:07 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\mapcar.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/11/17 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/26 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2008/05/29 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent
[2010/04/25 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon
[2010/11/17 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Delivery
[2006/05/02 16:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech
[2010/10/28 10:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1
[2006/12/04 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford
[2007/07/31 23:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent
[2010/11/17 16:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\_dlytmp
[2006/05/01 22:30:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Rappel d'abonnement 1 auprès de l'ISP.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
[2010/10/28 10:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/17 14:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/07/27 23:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/11/03 11:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/09/03 13:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2006/04/16 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/04/16 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/08/26 16:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2010/10/13 21:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2006/04/16 15:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2006/07/07 15:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2006/06/16 22:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/09/16 18:16:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/11/10 14:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/08/24 08:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/03/31 18:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2006/06/27 05:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/26 07:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2004/08/20 10:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2010/09/27 19:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/30 18:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2006/07/06 02:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/06/28 00:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/12 08:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2007/04/13 21:58:07 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010/10/28 10:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Adobe
[2008/06/04 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\AdobeUM
[2007/07/21 10:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Apple Computer
[2008/05/29 18:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\BitTorrent
[2010/04/25 20:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Canon
[2006/04/16 15:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Corel
[2006/04/30 22:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Corel Photo Album
[2006/05/15 03:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\CyberLink
[2010/11/17 16:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Delivery
[2010/01/21 20:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\dvdcss
[2006/05/01 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Help
[2004/08/20 10:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Identities
[2010/06/22 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\InstallShield
[2006/04/16 15:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Intel
[2009/05/08 19:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Lavasoft
[2006/05/02 16:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Leadertech
[2006/05/01 10:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Macromedia
[2010/10/13 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Malwarebytes
[2006/06/09 22:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\McAfee.com Personal Firewall
[2010/10/28 10:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1
[2010/02/26 14:35:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Marlène\Application Data\Microsoft
[2008/09/06 09:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Mozilla
[2006/12/04 10:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Oxford
[2010/11/03 10:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Real
[2010/10/04 20:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Skype
[2010/10/04 19:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\skypePM
[2006/08/04 16:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Sonic
[2006/04/16 15:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Sun
[2006/05/01 10:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\Symantec
[2007/07/31 23:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\uTorrent
[2008/09/06 14:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\vlc
[2007/07/30 13:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\WinRAR
[2006/11/14 22:34:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Marlène\Application Data\yahoo!
[2006/04/16 15:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\You've Got Pictures Screensaver
[2008/04/27 08:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\ZoomBrowser EX
[2010/11/17 16:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marlène\Application Data\_dlytmp
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010/11/17 16:53:26 | 000,659,592 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\_dlytmp\1290009194\_launcher_DeliveryAutoInstall.exe
[2007/01/20 15:02:50 | 023,489,040 | ---- | M] (                            ) -- C:\Documents and Settings\Marlène\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
[2008/06/04 18:05:46 | 022,023,120 | ---- | M] (                                   ) -- C:\Documents and Settings\Marlène\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_fr_FR.exe
[2010/11/17 16:53:37 | 001,015,944 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryManager.EXE
[2010/11/17 16:53:40 | 002,113,672 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryReader.exe
[2010/11/17 16:55:20 | 000,118,912 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryRegisterExtension.exe
[2010/11/17 16:55:21 | 000,061,568 | ---- | M] ( ) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryStart.exe
[2010/11/17 16:55:22 | 000,114,816 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliverySwitcher.exe
[2010/11/17 16:53:43 | 000,104,320 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\DeliveryWebAccess.exe
[2010/11/17 16:53:37 | 001,015,944 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\NewDeliveryManager.exe
[2010/11/17 16:54:13 | 000,085,864 | ---- | M] (Immanens) -- C:\Documents and Settings\Marlène\Application Data\Delivery\uninst.exe
[2010/10/28 10:27:21 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Marlène\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2007/09/03 13:35:32 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Marlène\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/05 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\i386\cdrom.sys
[2004/08/05 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: CTFMON.EXE  >[/color]
[2004/08/05 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\i386\ctfmon.exe
[2004/08/05 12:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 03:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 03:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/05 12:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\i386\eventlog.dll
[2004/08/05 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\i386\ndis.sys
[2004/08/05 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\i386\netlogon.dll
[2004/08/05 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2004/08/05 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\i386\rasacd.sys
[2004/08/05 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2005/06/10 05:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\i386\rdpwd.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\i386\scecli.dll
[2004/08/05 12:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2004/08/05 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\i386\sfloppy.sys
[2004/08/05 12:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\i386\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys
[2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\i386\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2006/04/20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2006/01/13 03:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/05 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\i386\tcpip.sys
[2004/08/05 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\i386\tdpipe.sys
[2004/08/05 12:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/05 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\i386\tdtcp.sys
[2004/08/05 12:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys
[2004/08/05 12:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys
[2008/09/16 15:22:49 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 21:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\i386\userinit.exe
[2004/08/05 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\i386\winlogon.exe
[2004/08/05 12:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >
mbouchet
Apprentice
 
Posts: 33
Joined: 13 Oct 2010 18:02
 

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 21:16

hello,

You posted OTL.txt twice but not Extras.txt, can you post it please... :wink:
jeanmimigab
PC-Infopraticien
 
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 21:18

OOPS

Code:
OTL Extras logfile created on: 23/11/2010 20:24:38 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Marlène\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
502,00 Mb Total Physical Memory | 184,00 Mb Available Physical Memory | 37,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51,39 Gb Total Space | 10,86 Gb Free Space | 21,14% Space Free | Partition Type: NTFS
 
Computer Name: MARLENE | User Name: Marlène | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"12741:TCP" = 12741:TCP:*:Enabled:BitComet 12741 TCP
"12741:UDP" = 12741:UDP:*:Enabled:BitComet 12741 UDP
"8080:TCP" = 8080:TCP:*:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"%windir%\explorer.exe" = %windir%\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1AA0F610-7226-4C99-85D7-5E75AFD0D5CE}_is1" = Geoplan-Geospace version 1.6
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Gestion de l'alimentation de la carte réseau interne
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}" = Microsoft LifeCam
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BF1D09D6-CC68-F911-7678-CC4BABFEE87B}" = Manuel Interactif HATIER
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"avast5" = avast! Free Antivirus
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1" = Manuel Interactif HATIER
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Oxford Advanced Genie" = Oxford Advanced Genie
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Logiciel Intel(R) PROSet/Wireless
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6b
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 14/10/2010 02:14:50 | Computer Name = MARLENE | Source = avast! | ID = 33554522
Description =
 
[ Application Events ]
Error - 03/11/2010 05:32:32 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 05:37:56 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 05:40:34 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 05:42:06 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 05:44:34 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 06:15:38 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 5331c4b5-79aa-4837-aa71-66bf50ecbbc919899d9d-34dd-4bfd-bb92-bf108f953728,
 P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 03/11/2010 06:16:37 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 06:18:06 | Computer Name = MARLENE | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
 faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault
 address 0x0002010a.
 
Error - 03/11/2010 06:18:24 | Computer Name = MARLENE | Source = MsiInstaller | ID = 1013
Description = Produit : Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
 .NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect
other applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.
 
Error - 11/11/2010 14:55:12 | Computer Name = MARLENE | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 11.0.5721.5145, module bloqué
 hungapp, version 0.0.0.0, adresse de blocage 0x00000000.
 
[ OSession Events ]
Error - 17/09/2010 03:24:12 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1514
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 20/09/2010 17:41:50 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9961
 seconds with 4500 seconds of active time.  This session ended with a crash.
 
Error - 14/10/2010 15:57:44 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3983
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 05:32:21 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2640
 seconds with 1980 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 05:37:50 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 05:40:33 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 138
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 05:42:05 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 82
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 05:44:18 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 120
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 06:16:34 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1907
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 03/11/2010 06:18:05 | Computer Name = MARLENE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03/11/2010 06:20:15 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur :   %%126
 
Error - 03/11/2010 06:20:16 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7023
Description = Le service Gestion d'applications s'est arrêté avec l'erreur :   %%126
 
Error - 17/11/2010 09:39:06 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur :
   %%5
 
Error - 17/11/2010 09:39:08 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur :
   %%5
 
Error - 17/11/2010 09:39:10 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7006
Description = L'appel ScRegSetValueExW a échoué pour FailureActions avec l'erreur :
   %%5
 
Error - 18/11/2010 13:55:46 | Computer Name = MARLENE | Source = DCOM | ID = 10005
Description = DCOM a reçu l'erreur "%1053" lors de la mise en route du service dlcc_device
 avec les arguments ""  pour démarrer le serveur :  {323CE21C-A448-40AA-BA74-7FCF1E441069}
 
Error - 18/11/2010 13:55:46 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7009
Description = Délai (30000 millisecondes) d'attente pour une connexion du service
 dlcc_device.
 
Error - 18/11/2010 13:55:46 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7000
Description = Le service dlcc_device n'a pas pu démarrer en raison de l'erreur :
   %%1053
 
Error - 22/11/2010 12:43:34 | Computer Name = MARLENE | Source = Disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk0\D.
 
Error - 23/11/2010 15:07:11 | Computer Name = MARLENE | Source = Service Control Manager | ID = 7034
Description = Le service Sygate Personal Firewall s'est terminé de façon inattendue
 pour la 1ème fois.
 
 
< End of report >
mbouchet
Apprenti(e)

Posts: 33
Joined: 13 Oct 2010 18:02
 

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 21:45

OK,

Do this in order...

* Double-click the OTL icon to launch it
/!\ On Vista/Seven, right-click the OTL icon and choose "Run as administrator"

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" section (top right) the "Minimal report" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization"

:files
C:\WINDOWS\system32\mgking.exe
C:\autorun.inf
C:\et3types.exe

:OTL
O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found
O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = et3ypes.exe
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\open\Command - "" = et3ypes.exe
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]
[RESETHOSTS]



* Click the "Fix" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, a report named "OTL.Txt" will open
* Copy and paste the report into your reply, please...
* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

then...

You have an infection that spreads via removable media (USB stick, external hard drive, SD photo card, etc.)
Plug in all your USB storage devices >> USB sticks, external hard drive (switched on), photo cards, etc.
Careful, do not open them

  • Download USBFix to your desktop
  • Double-click it to launch it
  • Choose "Suppression", let USBFix work and post the report it generates.

@++ :wink:
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05
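
The Run and MountPoints2 entries listed in the fix script above can be pulled out of an OTL log mechanically. The following is an added example, not part of the thread and not code from OTL: it parses O4 Run and O33 MountPoints2 lines and attaches review reasons. The function names and the flagging rules are assumptions made for illustration (in particular, reading an empty `()` after a path as "no vendor metadata"), and the sample lines are the ones quoted in the post.

```python
import re
from typing import NamedTuple

# Sample input: the O4/O33 lines quoted in the fix script above, plus the one
# bracketed line from that script, which is not an O4/O33 entry and is skipped.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Install5G] D:\Install.exe File not found
O4 - HKU\S-1-5-21-2035062039-3169207473-3815781202-1006..\Run: [king_mg] C:\WINDOWS\system32\mgking.exe ()
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\AutoRun\command - "" = et3ypes.exe
O33 - MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\Shell\open\Command - "" = et3ypes.exe
[2 C:\Documents and Settings\Marlène\Mes documents\*.tmp files -> C:\Documents and Settings\Marlène\Mes documents\*.tmp -> ]
"""


class Finding(NamedTuple):
    kind: str       # "run-key" or "mountpoint-autorun"
    location: str   # where the entry lives in the registry
    target: str     # what the entry launches
    reasons: tuple  # why it deserves a second look (illustrative heuristics)


O4_RUN = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
O33_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[0-9a-f-]{36}\})\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<cmd>.+)$', re.IGNORECASE)
VENDOR_TAIL = re.compile(r'^(?P<path>.+?) \((?P<vendor>[^()]*)\)$')
MISSING_TAIL = " File not found"


def split_target(rest):
    """Split the tail of an O4 line into (path, missing_on_disk, vendor)."""
    if rest.endswith(MISSING_TAIL):
        return rest[:-len(MISSING_TAIL)], True, None
    m = VENDOR_TAIL.match(rest)
    if m:
        return m.group("path"), False, m.group("vendor").strip()
    return rest, False, None


def triage(log_text):
    """Return a Finding for every O4 Run / O33 MountPoints2 line worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            path, missing, vendor = split_target(m.group("rest"))
            reasons = []
            if missing:
                reasons.append("target missing on disk")   # orphaned autostart entry
            if vendor == "":
                reasons.append("no vendor metadata")        # empty "()" in the log
            if reasons:
                where = "%s\\...\\Run [%s]" % (m.group("hive"), m.group("name"))
                findings.append(Finding("run-key", where, path, tuple(reasons)))
            continue
        m = O33_CMD.match(line)
        if m:
            verb = m.group("verb").lower()
            reasons = ["per-volume shell handler"]
            if verb == "autorun":
                reasons.append("AutoRun verb")
            elif verb == "open":
                reasons.append("replaces the drive's open verb")
            if "\\" not in m.group("cmd"):
                reasons.append("bare file name, no directory")
            where = "%s\\Shell\\%s" % (m.group("vol"), m.group("verb"))
            findings.append(
                Finding("mountpoint-autorun", where, m.group("cmd"), tuple(reasons)))
    return findings


def volumes_with_handlers(findings):
    """Volume GUIDs that carry at least one cached autorun handler."""
    return sorted({f.location.split("\\")[0]
                   for f in findings if f.kind == "mountpoint-autorun"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, "|", f.location, "|", f.target, "|", ", ".join(f.reasons))
```
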
 

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 22:08

Here is the USB report, BUT I can't find the OTL report

############################## | UsbFix 7.035 | [Suppression]

Utilisateur: Marlène (Administrateur) # MARLENE [ ]
Mis à jour le 22/11/10 par El Desaparecido / C_XX
Lancé à 21:58:39 | 23/11/2010
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Genuine Intel(R) CPU T2300 @ 1.66GHz
CPU 2: Genuine Intel(R) CPU T2300 @ 1.66GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Pare-feu Windows: Activé
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
Firewall: Sygate Personal Firewall 4.6 [Enabled]
RAM -> 502 Mo
C:\ (%systemdrive%) -> Disque fixe # 51 Go (11 Go libre(s) - 22%) [] # NTFS
D:\ -> CD-ROM
F:\ -> Disque amovible # 488 Mo (91 Mo libre(s) - 19%) [] # FAT

################## | Éléments infectieux |


Supprimé! C:\Recycler\S-1-5-21-2035062039-3169207473-3815781202-1006
Supprimé! C:\log.txt
Supprimé! F:\i00dvoym.exe
Supprimé! F:\l10.exe
Supprimé! F:\mi9al8rs.exe

################## | Mabezat |

Supprimé! F:\zPharaoh.exe

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[15/10/2009 - 20:14:18 | D ]    C:\$AVG8.VAULT$
[30/09/2009 - 21:24:47 | D ]    C:\5f1fc7b5f9377a7f65763fa06f9a4e07
[02/05/2010 - 08:33:04 | N | 217]    C:\boot.ini
[05/08/2004 - 12:00:00 | N | 4952]    C:\Bootfont.bin
[18/11/2010 - 19:05:27 | D ]    C:\Config.Msi
[20/08/2004 - 10:37:16 | N | 0]    C:\CONFIG.SYS
[11/07/2008 - 13:44:07 | D ]    C:\dell
[16/04/2006 - 15:27:54 | N | 5343]    C:\dell.sdr
[22/11/2010 - 17:42:47 | N | 7932]    C:\dlcc.log
[23/11/2010 - 19:29:03 | N | 12206]    C:\dlccscan.log
[30/04/2006 - 21:36:25 | D ]    C:\Documents and Settings
[23/11/2006 - 22:30:17 | D ]    C:\drivers
[23/11/2010 - 21:51:22 | ASH | 526843904]    C:\hiberfil.sys
[08/05/2009 - 18:40:48 | D ]    C:\i386
[29/06/2009 - 17:37:42 | N | 230424]    C:\img2-001.raw
[01/05/2006 - 10:11:19 | N | 4128]    C:\INFCACHE.1
[23/08/2010 - 22:26:49 | D ]    C:\Install
[20/08/2004 - 10:37:16 | N | 0]    C:\IO.SYS
[16/04/2006 - 15:51:13 | N | 829]    C:\IPH.PH
[20/08/2004 - 10:37:16 | N | 0]    C:\MSDOS.SYS
[01/05/2006 - 09:59:09 | RHD ]    C:\MSOCache
[13/10/2010 - 17:23:19 | D ]    C:\Navilog1
[05/08/2004 - 12:00:00 | N | 47564]    C:\NTDETECT.COM
[16/09/2008 - 15:29:19 | N | 252240]    C:\ntldr
[23/11/2010 - 21:51:21 | ASH | 792723456]    C:\pagefile.sys
[17/11/2010 - 14:39:31 | D ]    C:\Program Files
[23/11/2010 - 22:01:21 | SHD ]    C:\RECYCLER
[01/05/2006 - 10:04:28 | D ]    C:\sql2ksp3
[14/07/2009 - 15:57:13 | N | 232]    C:\sqmdata00.sqm
[18/07/2009 - 08:48:46 | N | 232]    C:\sqmdata01.sqm
[10/08/2009 - 09:17:13 | N | 232]    C:\sqmdata02.sqm
[01/11/2007 - 23:18:05 | N | 232]    C:\sqmdata03.sqm
[02/11/2007 - 10:28:27 | N | 232]    C:\sqmdata04.sqm
[02/11/2007 - 22:54:27 | N | 232]    C:\sqmdata05.sqm
[03/11/2007 - 18:03:36 | N | 232]    C:\sqmdata06.sqm
[03/11/2007 - 22:16:09 | N | 232]    C:\sqmdata07.sqm
[04/11/2007 - 12:01:50 | N | 232]    C:\sqmdata08.sqm
[04/11/2007 - 12:46:56 | N | 232]    C:\sqmdata09.sqm
[02/01/2008 - 12:53:31 | N | 232]    C:\sqmdata10.sqm
[02/01/2008 - 18:34:31 | N | 232]    C:\sqmdata11.sqm
[18/05/2008 - 12:04:04 | N | 232]    C:\sqmdata12.sqm
[12/09/2008 - 17:59:37 | N | 232]    C:\sqmdata13.sqm
[13/09/2008 - 11:01:50 | N | 232]    C:\sqmdata14.sqm
[14/09/2008 - 12:16:36 | N | 232]    C:\sqmdata15.sqm
[14/10/2008 - 12:12:08 | N | 232]    C:\sqmdata16.sqm
[14/10/2008 - 13:29:33 | N | 232]    C:\sqmdata17.sqm
[23/02/2009 - 09:04:44 | N | 232]    C:\sqmdata18.sqm
[06/06/2009 - 15:10:52 | N | 232]    C:\sqmdata19.sqm
[14/07/2009 - 15:57:13 | N | 244]    C:\sqmnoopt00.sqm
[18/07/2009 - 08:48:46 | N | 244]    C:\sqmnoopt01.sqm
[10/08/2009 - 09:17:12 | N | 244]    C:\sqmnoopt02.sqm
[01/11/2007 - 23:18:05 | N | 244]    C:\sqmnoopt03.sqm
[02/11/2007 - 10:28:27 | N | 244]    C:\sqmnoopt04.sqm
[02/11/2007 - 22:54:27 | N | 244]    C:\sqmnoopt05.sqm
[03/11/2007 - 18:03:36 | N | 244]    C:\sqmnoopt06.sqm
[03/11/2007 - 22:16:09 | N | 244]    C:\sqmnoopt07.sqm
[04/11/2007 - 12:01:50 | N | 244]    C:\sqmnoopt08.sqm
[04/11/2007 - 12:46:56 | N | 244]    C:\sqmnoopt09.sqm
[02/01/2008 - 12:53:31 | N | 244]    C:\sqmnoopt10.sqm
[02/01/2008 - 18:34:31 | N | 244]    C:\sqmnoopt11.sqm
[18/05/2008 - 12:04:03 | N | 244]    C:\sqmnoopt12.sqm
[12/09/2008 - 17:59:37 | N | 244]    C:\sqmnoopt13.sqm
[13/09/2008 - 11:01:50 | N | 244]    C:\sqmnoopt14.sqm
[14/09/2008 - 12:16:36 | N | 244]    C:\sqmnoopt15.sqm
[14/10/2008 - 12:12:08 | N | 244]    C:\sqmnoopt16.sqm
[14/10/2008 - 13:29:33 | N | 244]    C:\sqmnoopt17.sqm
[23/02/2009 - 09:04:43 | N | 244]    C:\sqmnoopt18.sqm
[06/06/2009 - 15:10:52 | N | 244]    C:\sqmnoopt19.sqm
[06/11/2010 - 11:06:12 | SHD ]    C:\System Volume Information
[23/11/2010 - 22:04:25 | D ]    C:\UsbFix
[23/11/2010 - 22:04:31 | A | 2877]    C:\UsbFix.txt
[17/11/2010 - 17:14:06 | D ]    C:\WINDOWS
[23/11/2010 - 21:48:05 | D ]    C:\_OTL
[04/09/2007 - 10:11:20 | N | 1167]    C:\_Sid.txt
[26/08/2007 - 15:00:18 | N | 51770]    F:\Instructions.pdf
[23/12/2009 - 10:57:46 | N | 20480]    F:\Le travail autonome (2).doc
[18/11/2010 - 12:21:28 | D ]    F:\adober.exe
[18/11/2010 - 13:19:08 | N | 5985]    F:\VaccinUSB.txt
[18/11/2010 - 12:21:28 | D ]    F:\comment.htt
[22/03/2006 - 09:21:16 | N | 24064]    F:\recueillir les représentations des élèves.doc
[01/12/2008 - 09:34:40 | N | 29184]    F:\Modalité pour travailler en groupe.doc
[20/10/2009 - 15:30:54 | N | 184320]    F:\capture.exe
[17/11/2010 - 16:56:38 | D ]    F:\Delivery
[17/11/2010 - 16:55:22 | N | 61568]    F:\Delivery.exe
[06/04/2010 - 15:01:56 | N | 122880]    F:\VaccinUSB.exe
[18/11/2010 - 12:21:28 | D ]    F:\copy.exe
[18/11/2010 - 12:21:28 | D ]    F:\host.exe
[18/11/2010 - 12:21:28 | D ]    F:\ravmon.exe
[18/11/2010 - 12:21:28 | D ]    F:\msvcr71.dll
[18/11/2010 - 12:21:28 | D ]    F:\ravmon.log
[18/11/2010 - 12:21:28 | D ]    F:\temp.exe
[18/11/2010 - 12:21:28 | D ]    F:\temp1.exe
[18/11/2010 - 12:21:28 | D ]    F:\temp2.exe
[18/11/2010 - 12:21:28 | D ]    F:\winfile.exe
[18/11/2010 - 12:21:28 | D ]    F:\autorun.inf
[18/11/2010 - 12:21:28 | D ]    F:\info.exe
[18/11/2010 - 12:21:28 | D ]    F:\sqlserv.exe
[09/09/2010 - 07:00:36 | N | 3768]    F:\BOOTEX.LOG
[05/04/2010 - 21:56:40 | N | 12357]    F:\Retour sur une séance de travail en groupe.docx
[06/04/2010 - 09:01:18 | N | 52736]    F:\Expérimentation2.doc
[06/04/2010 - 18:25:18 | N | 22906]    F:\Le CREDO.docx
[08/04/2010 - 14:07:18 | N | 249856]    F:\CV Professeur.doc
[08/04/2010 - 21:09:04 | N | 40018]    F:\postes.xlsx
[04/05/2010 - 11:25:22 | N | 16176]    F:\Discours oral PRAC2.docx
[02/07/2010 - 08:49:00 | D ]    F:\B.O et IUFM
[26/08/2010 - 10:51:30 | D ]    F:\2010-2011
[09/09/2010 - 07:42:02 | D ]    F:\Seconde 3H
[14/09/2010 - 10:46:46 | RSHD ]    F:\System
[02/07/2010 - 12:20:52 | N | 47616]    F:\Manuelsenvigueur.doc

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_MARLENE.zip
http://www.teamxscript.org/Sample/Upload.php
Merci de votre contribution.

################## | E.O.F |
mbouchet
Apprentice
Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 22:11

In C: I found an OTL folder with a report dated today.
Here it is
Code:
All processes killed
========== FILES ==========
File\Folder C:\WINDOWS\system32\mgking.exe not found.
C:\autorun.inf moved successfully.
File\Folder C:\et3types.exe not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Install5G deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2035062039-3169207473-3815781202-1006\Software\Microsoft\Windows\CurrentVersion\Run\\king_mg deleted successfully.
File C:\WINDOWS\system32\mgking.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0861e48-d3c7-11da-b64e-806d6172696f}\ not found.
File et3ypes.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0861e48-d3c7-11da-b64e-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0861e48-d3c7-11da-b64e-806d6172696f}\ not found.
File et3ypes.exe not found.
C:\Documents and Settings\Marlène\Mes documents\~WRD0000.tmp deleted successfully.
C:\Documents and Settings\Marlène\Mes documents\~WRD0001.tmp deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 71280 bytes
 
User: Marlène
->Temp folder emptied: 6336807 bytes
->Temporary Internet Files folder emptied: 88931958 bytes
->Java cache emptied: 18170 bytes
->FireFox cache emptied: 101051448 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 58903 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6341714 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 194,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: Marlène
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.17.3 log created on 11232010_214805
mbouchet
Apprentice
Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 22:35

cool,

Still leaving the USB sticks, external hard drives, etc. plugged in

Do this...

  • Download Malwarebytes >>here
  • To help you, a great tutorial by Danakil to read before the scan.
  • Choose "exécuter un examen rapide" (perform a quick scan) and, at the end of the scan, tick all the items found and click "supprimer la sélection" (remove selection).
  • Post me the report, please.

:wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 23:08

That looks perfect!!

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/11/2010 23:06:47
mbam-log-2010-11-23 (23-06-47).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 144849
Temps écoulé: 13 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Thanks a lot

Marlène
mbouchet
Apprentice
Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted on 23 Nov 2010 23:30

hello,

no, it is not clean at all and Avast is incredibly out of its depth :-?

still with the USB sticks and external hard drive plugged in


* Double-click the OTL icon to launch it
/!\ on Vista/Seven, right-click the OTL icon and choose "Exécuter en tant qu'administrateur" (Run as administrator)

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (report) section (top right) the "Rapport minimal" (minimal report) box is ticked.

* Copy and paste the contents of this quote into the lower part of OTL, "Personnalisation" (customization)


:files
F:\adober.exe
F:\comment.htt
F:\copy.exe
F:\host.exe
F:\ravmon.exe
F:\msvcr71.dll
F:\ravmon.log
F:\temp.exe
F:\temp1.exe
F:\temp2.exe
F:\winfile.exe
F:\info.exe
F:\sqlserv.exe
F:\System
F:\autorun.inf

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]



* Click the "Correction" (fix) icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan a report, "OTL.Txt", will open
* Copy and paste the report into your reply, please...
* Just in case, you can find the reports in the C:\OTL folder or on your desktop, depending on the case

then run Malwarebytes' again and this time choose "exécuter un examen complet" (perform a full scan)
Tick all the available drives and run the scan...

I'll look at the reports tomorrow after work :wink:

good night :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
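
As a triage aid for a listing like the UsbFix one posted in this thread, the following added example (not from the thread, UsbFix or OTL) parses the `[date | attributes | size] path` lines and flags drive-root directories that carry a file-type extension or the hidden+system attributes, the pattern shared by the entries in the `:files` list above. The extension set and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the UsbFix listing posted in this thread.
# Attribute letters: D = directory, N = normal file, R/S/H = read-only/system/hidden.
LISTING = r"""
[18/11/2010 - 12:21:28 | D ]    F:\adober.exe
[18/11/2010 - 12:21:28 | D ]    F:\comment.htt
[20/10/2009 - 15:30:54 | N | 184320]    F:\capture.exe
[17/11/2010 - 16:56:38 | D ]    F:\Delivery
[18/11/2010 - 12:21:28 | D ]    F:\ravmon.exe
[18/11/2010 - 12:21:28 | D ]    F:\autorun.inf
[02/07/2010 - 08:49:00 | D ]    F:\B.O et IUFM
[14/09/2010 - 10:46:46 | RSHD ]    F:\System
"""

ENTRY = re.compile(r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<attr>[A-Z]+)\s*(?:\|\s*\d+)?\]\s+(?P<path>.+)$")
FILE_LIKE = {".exe", ".dll", ".inf", ".htt", ".log", ".sys", ".scr", ".bat", ".com"}  # assumed set

def parse(listing):
    """Yield (timestamp, attribute set, path) for each well-formed entry."""
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["stamp"], set(m["attr"]), PureWindowsPath(m["path"])

def triage(listing):
    """Return {path: [reasons]} for drive-root directories worth a manual look."""
    entries = list(parse(listing))
    # Directories sharing one timestamp were most likely created in a single batch.
    batch = Counter(stamp for stamp, attrs, _ in entries if "D" in attrs)
    findings = {}
    for stamp, attrs, path in entries:
        if "D" not in attrs or len(path.parts) != 2:
            continue
        reasons = []
        if path.suffix.lower() in FILE_LIKE:
            reasons.append("directory named like a file")
        if {"S", "H"} <= attrs:
            reasons.append("hidden+system directory")
        if reasons and batch[stamp] > 1:
            reasons.append(f"batch of {batch[stamp]} at {stamp}")
        if reasons:
            findings[str(path)] = reasons
    return findings

if __name__ == "__main__":
    print(triage(LISTING))
```

Ordinary files such as `F:\capture.exe` and folders whose names merely contain a dot (`F:\B.O et IUFM`) are deliberately not flagged; only directory entries are considered.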
 

Re: Virus Win32:OnLineGames-FVB

Posted on 24 Nov 2010 18:14

Hello,

Here is the OTL report
Code:
All processes killed
========== FILES ==========
F:\adober.exe folder moved successfully.
F:\comment.htt folder moved successfully.
F:\copy.exe folder moved successfully.
F:\host.exe folder moved successfully.
F:\ravmon.exe folder moved successfully.
F:\msvcr71.dll folder moved successfully.
F:\ravmon.log folder moved successfully.
F:\temp.exe folder moved successfully.
F:\temp1.exe folder moved successfully.
F:\temp2.exe folder moved successfully.
F:\winfile.exe folder moved successfully.
F:\info.exe folder moved successfully.
F:\sqlserv.exe folder moved successfully.
F:\System\Drivers folder moved successfully.
F:\System folder moved successfully.
Folder move failed. F:\Autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Marlène
->Temp folder emptied: 69980 bytes
->Temporary Internet Files folder emptied: 5609395 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65987360 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 631 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 648700 bytes
 
Total Files Cleaned = 69,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: Marlène
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11242010_160018


and the Malware report
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 5177

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/11/2010 18:13:50
mbam-log-2010-11-24 (18-13-50).txt

Type d'examen: Examen complet (C:\|F:\|)
Elément(s) analysé(s): 229458
Temps écoulé: 1 heure(s), 22 minute(s), 28 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Alwil Software\Avast5\chrome\ChromeInst.exe (Trojan.Startpage) -> Delete on reboot.
C:\UsbFix\Quarantine\F\l10.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\F\mi9al8rs.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.



Thank you very much
mbouchet
Apprentice
Posts: 33
Joined: 13 Oct 2010 18:02

Re: Virus Win32:OnLineGames-FVB

Posted on 24 Nov 2010 18:53

hello :D

Please do this...
Show hidden files and folders like this...
  • Open "Poste de travail" (My Computer), then click "Outils" / "Options des dossiers" (Tools / Folder Options) and choose the "Affichage" (View) tab
  • Tick "Afficher les fichiers et dossiers cachés" (Show hidden files and folders)
  • Untick "Masquer les fichiers protégés du système d'exploitation (recommandé)" (Hide protected operating system files (Recommended))
  • Untick "Masquer les extensions dont le type est connu" (Hide extensions for known file types)
  • Accept the Windows warnings
  • Click "Appliquer" (Apply) and "OK" to confirm the changes

Then go to VirusTotal and have these two files in red analysed
(click "Parcourir" (Browse) to select the file and click "Send file")
C:\WINDOWS\System32\9EBD1C6461.sys
C:\WINDOWS\System32\61641CBD9E.sys

Post me the two links to the scan results

then...

still with the USB sticks and external hard drive plugged in

can you run an OTL scan again as you did the first time, but using this quote...

C:\Documents and Settings\Marlène\Application Data\MI-HATIER-LETO.3CF329FC7EF006D94C1AC4C34744208D3C373211.1\* /s /md5


Post the OTL report (you won't have extrat.txt this time) 8)

@++ :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
