[Solved] Virus?
Hello everyone,
I have been unable to browse the internet properly for several hours.
Some sites are inaccessible, and I am repeatedly redirected to advertisements when I click on links.
I looked into how I could get rid of this virus and ended up at the ComboFix software...
However, having no skills in this area, I would like some help using this software, or another one if necessary.
Thank you in advance,
Regards,
Baptiste
And here is my HijackThis report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:26, on 02/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Baptiste\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Apple Application Support\distnoted.exe
C:\DOCUME~1\Baptiste\LOCALS~1\Temp\1druwlo2.tmp\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ask.com?o=14978&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Baptiste\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Baptiste\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2052111302-1454471165-1417001333-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-1454471165-1417001333-1004\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Baptiste\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2052111302-1454471165-1417001333-1004 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User '?')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56EAA282-5173-403A-ADCA-29E4E621C9B8}: NameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CS1\Services\Tcpip\..\{56EAA282-5173-403A-ADCA-29E4E621C9B8}: NameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CS3\Services\Tcpip\..\{56EAA282-5173-403A-ADCA-29E4E621C9B8}: NameServer = 93.188.162.241,93.188.160.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8357 bytes
Good evening,
When you post several times, people assume someone is already handling your case...
Download Ad-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect from the internet, disable your antivirus and close all running applications /!\
Double-click AD-R on your Desktop to launch it.
(On Vista, right-click AD-R and choose Run as administrator)
Choose language F for French.
In the main menu, choose the option "Scanner" (Scan).
/!\ Let the tool work /!\
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
/!\ Remember to re-enable your antivirus /!\
Thank you very much for your help, Sham_Rock!
The link you gave me no longer seems to work and sends me to an orange "not found" page.
I searched for the software on the internet and followed your recommendations, but I ran into a problem.
I cannot get the software to run. I get the following message:
[image]
[Edit] I'm trying again because I think I didn't download the right version of the software...
I had indeed picked the wrong version... This really isn't my day!
Here is the report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 21:30:42 le 02/11/2010, Mode normal
Service Pack 3 (X86)
Baptiste@CHAMBRE ( )
============== RECHERCHE ==============
Fichier trouvé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier trouvé: C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\extensions\toolbar@ask.com
Fichier trouvé: C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\searchplugins\askcom.xml
Dossier trouvé: C:\Documents and Settings\Baptiste\Local Settings\Application Data\AskToolbar
Dossier trouvé: C:\Documents and Settings\Maël\Application Data\pdfforge
Dossier trouvé: C:\Documents and Settings\Maël\Application Data\Search Settings
-- Fichier ouvert: C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\Prefs.js --
Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne trouvée: user_pref("browser.search.order.1", "Ask.com");
Ligne trouvée: user_pref("extensions.asktb.cbid", "J7");
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...
Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1288688514087");
Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne trouvée: user_pref("extensions.asktb.o", "14979");
Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.r", "2");
Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", true);
Ligne trouvée: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0...
Ligne trouvée: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT3&o=14979&locale=f...
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé trouvée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé trouvée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé trouvée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\AskToolbar
Clé trouvée: HKCU\Software\AppDataLow\AskBarDis
Clé trouvée: HKCU\Software\AppDataLow\AskHomePage
Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.12 (fr)] **
-- C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\Prefs.js --
browser.search.defaultenginename, Ask.com
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.9.2.12
keyword.URL, hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT3&o=14979&locale=fr_FR&apn_uid=FB24D9FE-3D93-4CF1-B...
-- C:\Documents and Settings\Maël\Application Data\Mozilla\FireFox\Profiles\370lzhuc.default\Prefs.js --
browser.download.lastDir, J:\\jeux xbox 360
browser.startup.homepage_override.mstone, rv:1.9.2.3
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Show_ToolBar: yes
Start Page: hxxp://fr.ask.com?o=14978&l=dis
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 02/11/2010 (2469 Octet(s))
Fin à: 21:32:02, 02/11/2010
============== E.O.F ==============
Re
/!\ Go offline, disable your antivirus and close all running applications /!\
Double-click AD-R on your Desktop to launch it.
(On Vista, right-click AD-R and choose Run as administrator)
Choose language F for French.
From the main menu, choose the Clean (Nettoyer) option.
/!\ Let the tool work /!\
Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
/!\ Remember to re-enable your antivirus /!\
Re, here is the new report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 11:46:01 le 03/11/2010, Mode normal
Service Pack 3 (X86)
Baptiste@CHAMBRE ( )
============== ACTION(S) ==============
Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier supprimé: C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\extensions\toolbar@ask.com
Fichier supprimé: C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\searchplugins\askcom.xml
Dossier supprimé: C:\Documents and Settings\Baptiste\Local Settings\Application Data\AskToolbar
Dossier supprimé: C:\Documents and Settings\Maël\Application Data\pdfforge
Dossier supprimé: C:\Documents and Settings\Maël\Application Data\Search Settings
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\Prefs.js --
Ligne supprimée:
Ligne supprimée:
Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com");
Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com");
Ligne supprimée: user_pref("browser.search.order.1", "Ask.com");
Ligne supprimée: user_pref("extensions.asktb.cbid", "J7");
Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false);
Ligne supprimée: user_pref("extensions.asktb.l", "dis");
Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1288688514087");
Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne supprimée: user_pref("extensions.asktb.o", "14979");
Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871");
Ligne supprimée: user_pref("extensions.asktb.r", "2");
Ligne supprimée: user_pref("extensions.asktb.search-suggestions-enabled", true);
Ligne supprimée: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17,{CAFEEFAC-0016-0...
Ligne supprimée: user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT3&o=14979&locale=f...
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé supprimée: HKLM\Software\Classes\CLSID\{47C6C527-6204-4F91-849D-66E234DEE015}
Clé supprimée: HKLM\Software\Classes\CLSID\{9461b922-3c5a-11d2-bf8b-00c04fb93661}
Clé supprimée: HKLM\Software\Classes\CLSID\{B791A095-A4AC-4312-8894-5B7E8FF5B3CD}
Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé supprimée: HKLM\Software\Classes\TypeLib\{ECA4E801-17AE-4863-9F5C-AF4047AABEE0}
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AskToolbar
Clé supprimée: HKCU\Software\AppDataLow\AskBarDis
Clé supprimée: HKCU\Software\AppDataLow\AskHomePage
Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.12 (fr)] **
-- C:\Documents and Settings\Baptiste\Application Data\Mozilla\FireFox\Profiles\b1ts80mh.default\Prefs.js --
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.9.2.12
-- C:\Documents and Settings\Maël\Application Data\Mozilla\FireFox\Profiles\370lzhuc.default\Prefs.js --
browser.download.lastDir, J:\\jeux xbox 360
browser.startup.homepage_override.mstone, rv:1.9.2.3
========================================
** Internet Explorer Version [8.0.6001.18702] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 169 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 03/11/2010 (2600 Octet(s))
C:\Ad-Report-SCAN[1].txt - 02/11/2010 (7108 Octet(s))
Fin à: 11:48:24, 03/11/2010
============== E.O.F ==============
Thanks again for your invaluable help ...
Re
Download DDS and save it to your desktop.
Disable anything that blocks scripts, such as an antivirus or software like ad-block, noscript, etc.
Double-click dds.scr to launch the tool.
Once the scan is finished, a text document, DDS.txt, will open.
Click Yes at the next prompt, Optional Scan.
Save both reports to your desktop and post only DDS.txt.
Good evening,
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
But be careful: since your infection seems to make the tools crash, we have to use a trick so that you can launch ComboFix, so:
rename Combofix to Combo-Fix before starting the download, as follows:
http://forum.pcastuces.com/combofix___renommer_au_telec...
Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select all", Edit > "Copy",
come to the forum and Edit > "Paste".
HELP: A guide and tutorial on using ComboFix
* the partition name may vary
Hi,
I have a problem again ... I can't use ComboFix either.
Yet I followed the recommendations: renamed, on the desktop, no other applications, antivirus disabled, etc.
The first time I tried, I got as far as the software's "disclaimer of warranty"; after clicking "Yes", nothing more.
Now when I launch the software, the bar progresses and, once it has finished, the small window disappears.
When I relaunch ComboFix, a message tells me that some files could not be created and that I need to restart my PC and reinstall the software.
I have tried several times, but still nothing.
Re
Let's try something...
1
Download Rkill by Grinler:
Rkill
Double-click it to launch it. It will automatically stop all processes associated with Security Tool and other rogues. Be patient, as the program can take a while! Once finished, the program simply closes: this is normal. Go straight on to the rest of the disinfection.
If you get a message reporting that Rkill is unwanted, ignore it and launch Rkill again after disabling the software that considers it harmful.
2
Launch ComboFix
+++++++++++++++++++
If that doesn't work, we'll move on to something else ;O)
Good evening,
Well, I tried using Rkill, but when the program finished, only my desktop wallpaper was left.
Apparently no program had been detected, according to the report.
I tried ComboFix again: nothing. On the off chance, I tried DDS again and, miracle, it worked!
Here is the report (DDS.txt):
DDS (Ver_10-11-03.01) - NTFSx86
Run by Baptiste at 23:07:46,01 on 05/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
============== Running Processes ===============
============== Pseudo HJT Report ===============
uWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\baptiste\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\baptiste\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\baptiste\menudm~1\progra~1\dmarra~1\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.241,93.188.160.51
TCP: {56EAA282-5173-403A-ADCA-29E4E621C9B8} = 93.188.162.241,93.188.160.51
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\baptiste\applic~1\mozilla\firefox\profiles\b1ts80mh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\baptiste\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\baptiste\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-11-02 20:30:40 -------- d-----w- c:\program files\Ad-Remover
2010-11-02 10:02:48 -------- d-----w- c:\program files\Lavasoft
2010-10-23 13:44:49 -------- d-----w- c:\documents and settings\baptiste\Autres
2010-10-23 13:44:26 -------- d-----w- c:\documents and settings\baptiste\Télévision
2010-10-23 13:39:13 -------- d-----w- c:\documents and settings\baptiste\Newsroom
2010-10-23 13:38:50 -------- d-----w- c:\documents and settings\baptiste\Météo
2010-10-23 13:33:31 -------- d-----w- c:\documents and settings\baptiste\Avatars Lady Gaga
2010-10-21 16:46:25 40960 ----a-r- c:\docume~1\baptiste\applic~1\microsoft\installer\{e2e164ab-1367-488f-8f1f-ba312db2ff18}\NewShortcut1_E2E164AB1367488F8F1FBA312DB2FF18.exe
2010-10-21 16:46:25 2649600 ----a-r- c:\docume~1\baptiste\applic~1\microsoft\installer\{e2e164ab-1367-488f-8f1f-ba312db2ff18}\New_Shortcut_S3177_E2E164AB1367488F8F1FBA312DB2FF18.exe
2010-10-21 16:46:20 -------- d-----w- c:\program files\Evariste
2010-10-17 16:02:48 -------- d-----w- c:\docume~1\baptiste\applic~1\Synthesia
2010-10-17 15:53:14 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-10-17 15:53:10 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-10-15 14:59:03 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 14:59:03 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 14:58:32 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-10 18:38:49 -------- d-----w- c:\docume~1\baptiste\applic~1\VDownloader
2010-10-10 18:37:28 -------- d-----w- c:\docume~1\baptiste\locals~1\applic~1\VDownloader
2010-10-10 18:27:29 14048 ------w- c:\windows\system32\spmsg2.dll
2010-10-10 18:18:51 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-10 18:16:15 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-10 18:16:15 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-10 18:16:14 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-10 18:16:14 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-10 18:16:14 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-10 18:16:14 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-10 18:16:13 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-10 18:16:13 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-10 18:16:11 -------- d-----w- C:\fee61fe0bda12b7ff8b9df2cf9c3ed
2010-10-10 17:16:12 -------- d-----w- c:\program files\VDownloader
2010-10-10 17:05:05 -------- d-----w- c:\program files\YouTUBE (TM) movie downloader
==================== Find3M ====================
2010-09-18 10:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:24 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:24 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:24 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:50:15 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:51 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:55:16 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:58 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:58:58 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-25 06:35:35 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-25 06:35:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-08-23 16:12:44 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44:32 590848 ----a-w- c:\windows\system32\rpcrt4.dll
============= FINISH: 23:12:02,03 ===============
However, I don't think I got this step: Click Yes at the next prompt, Optional Scan.
There you go. Once again, thank you for your follow-up!
Hi again,
Do you have a Windows CD?
Download OTLPENet.
Get a blank CD ready and run OTLPENet; this will let you burn an ISO image.
Note: Once the CD is burned, you now need to restart the machine from the CD-ROM drive.
To do so, follow this link: Booting from a CD.
OTLPE tutorial
Boot the OTLPENet ISO that you burned.
Once the Reatogo desktop has loaded, launch OTLPE (the yellow icon).
Double-click the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes.
When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
Check that "Automatically Load All Remaining Users" is selected and press OK.
Under the Custom Scan box:
1 Copy and paste the contents of the box below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
csrss.exe
smss.exe
svchost.exe
services.exe
spoolsv.exe
alg.exe
ctfmon.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
i8042prt.sys
cdrom.sys
disk.sys
ndis.sys
tcpip.sys
mountmgr.sys
aec.sys
rasacd.sys
redbook.sys
ipsec.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
Copy and paste this text into a text file (Notepad) that you save on a USB stick, which you will plug in under Reatogo; you will then be able to copy and paste it easily.
2 Click Run Scan to start the scan.
Once it has finished, the file is located at C:\OTL.txt
Copy and paste its contents into your next reply.
Yes, I have the Windows CD.
OTL logfile created on: 11/6/2010 4:44:12 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,023.00 Mb Total Physical Memory | 811.00 Mb Available Physical Memory | 79.00% Memory free
906.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 24.49 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
Drive I: | 983.72 Mb Total Space | 96.84 Mb Free Space | 9.84% Space Free | Partition Type: FAT
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/23 07:40:22 | 002,950,744 | ---- | M] () [Auto] -- C:\Program Files\Fichiers communs\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/08/13 06:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- I:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- I:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/09/17 03:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 22:04:35 | 000,037,632 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2005/05/23 14:29:00 | 000,392,448 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2001/08/17 17:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Baptiste_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\Baptiste_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Baptiste_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Maël.CHAMBRE_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 06:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 16:37:23 | 000,000,000 | ---D | M]
[2010/11/05 18:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 16:09:35 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/27 16:09:35 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/27 16:09:35 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/27 16:09:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/27 16:09:35 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/06/15 13:39:18 | 000,404,421 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13983 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Baptiste_ON_C..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Baptiste\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\Baptiste_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Baptiste_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Baptiste\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Maël\Menu Démarrer\Programmes\Démarrage\GameRanger.lnk = C:\Documents and Settings\Administrateur\Application Data\GameRanger\GameRanger\GameRanger.exe File not found
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Baptiste_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Baptiste_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maël.CHAMBRE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/04 17:17:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/06 03:37:18 | 000,000,234 | -H-- | M] () - I:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/05 18:06:01 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/05 12:42:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/02 16:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/11/02 06:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/10/31 17:51:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.AUTORITE NT\IETldCache
[2010/10/24 03:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Downloads
[2010/10/23 09:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Autres
[2010/10/23 09:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Télévision
[2010/10/23 09:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Newsroom
[2010/10/23 09:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Météo
[2010/10/23 09:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Avatars Lady Gaga
[2010/10/23 08:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Logiciels
[2010/10/23 08:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Documents
[2010/10/23 08:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Graphisme
[2010/10/21 12:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Evariste
[2010/10/17 12:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Application Data\Synthesia
[2010/10/17 11:53:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/17 11:53:10 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/10/17 11:52:22 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/10/17 11:52:22 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/10/17 11:52:22 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/10/17 11:52:22 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/10/17 11:52:22 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/10/17 11:52:22 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/10/17 11:52:21 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/10/17 11:52:21 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/10/17 11:52:21 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/10/17 11:52:21 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/10/17 11:52:21 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/10/17 11:52:21 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/10/17 11:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/10/15 10:59:03 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 10:59:03 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 10:58:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/11 12:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.AUTORITE NT\IETldCache
[2010/10/10 14:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Application Data\VDownloader
[2010/10/10 14:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Local Settings\Application Data\VDownloader
[2010/10/10 14:27:29 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/10/10 14:16:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/10/10 14:16:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/10/10 14:16:14 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/10/10 14:16:14 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/10/10 14:16:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/10/10 14:16:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/10/10 14:16:11 | 000,000,000 | ---D | C] -- C:\fee61fe0bda12b7ff8b9df2cf9c3ed
[2010/10/10 13:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
[2010/10/10 13:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\YouTUBE (TM) movie downloader
[2010/06/16 03:09:54 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2010/06/16 03:09:54 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2010/06/16 03:09:54 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/06 10:28:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 10:25:22 | 000,005,187 | ---- | M] () -- C:\Documents and Settings\Baptiste\.recently-used.xbel
[2010/11/06 10:25:17 | 000,287,101 | ---- | M] () -- C:\Documents and Settings\Baptiste\rect370042.png
[2010/11/06 10:25:05 | 000,023,326 | ---- | M] () -- C:\Documents and Settings\Baptiste\rect37042.png
[2010/11/06 10:16:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1454471165-1417001333-1004UA.job
[2010/11/06 09:10:44 | 000,174,080 | ---- | M] () -- C:\Documents and Settings\Baptiste\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 08:56:05 | 000,067,958 | ---- | M] () -- C:\Documents and Settings\Baptiste\rect28300.png
[2010/11/06 03:31:51 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/06 03:31:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-1454471165-1417001333-1004.job
[2010/11/05 17:17:50 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\Google Chrome.lnk
[2010/11/05 17:17:50 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Baptiste\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 13:24:11 | 003,903,424 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\Combo-Fix.exe
[2010/11/04 14:00:37 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\dds.scr
[2010/11/04 13:56:16 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/02 16:30:41 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R.lnk
[2010/11/02 16:17:21 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/11/02 16:13:46 | 000,014,911 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R_2.0.0.2,B.exe
[2010/11/02 06:13:32 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/01 16:29:06 | 001,525,111 | ---- | M] () -- C:\Documents and Settings\Baptiste\danceinthedark.pdf
[2010/11/01 16:28:24 | 000,068,565 | ---- | M] () -- C:\Documents and Settings\Baptiste\20100908133959_Alejandro.pdf
[2010/11/01 16:10:59 | 000,070,953 | ---- | M] () -- C:\Documents and Settings\Baptiste\20100522163658_Lady Gaga - Poker face.pdf
[2010/11/01 15:56:50 | 000,081,005 | ---- | M] () -- C:\Documents and Settings\Baptiste\20100522163642_Lady Gaga - Paparazzi.pdf
[2010/10/31 18:03:45 | 000,498,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/31 14:00:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-1454471165-1417001333-1004.job
[2010/10/31 02:40:36 | 000,500,454 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/10/31 02:40:36 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 02:40:36 | 000,080,508 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/10/31 02:40:36 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/25 01:47:24 | 000,055,076 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/24 16:45:13 | 000,020,119 | ---- | M] () -- C:\Documents and Settings\Baptiste\LG4.png
[2010/10/23 11:00:36 | 000,018,470 | ---- | M] () -- C:\Documents and Settings\Baptiste\LGBTW3.png
[2010/10/23 10:59:32 | 000,020,578 | ---- | M] () -- C:\Documents and Settings\Baptiste\LGBTW2.png
[2010/10/23 10:58:45 | 000,019,514 | ---- | M] () -- C:\Documents and Settings\Baptiste\LGBTW1.png
[2010/10/19 01:16:03 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1454471165-1417001333-1004Core.job
[2010/10/15 17:00:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 12:16:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Baptiste\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/06 10:25:22 | 000,005,187 | ---- | C] () -- C:\Documents and Settings\Baptiste\.recently-used.xbel
[2010/11/06 10:25:17 | 000,287,101 | ---- | C] () -- C:\Documents and Settings\Baptiste\rect370042.png
[2010/11/06 10:25:05 | 000,023,326 | ---- | C] () -- C:\Documents and Settings\Baptiste\rect37042.png
[2010/11/06 08:56:05 | 000,067,958 | ---- | C] () -- C:\Documents and Settings\Baptiste\rect28300.png
[2010/11/05 13:23:55 | 003,903,424 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\Combo-Fix.exe
[2010/11/04 14:00:33 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\dds.scr
[2010/11/02 16:30:41 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R.lnk
[2010/11/02 16:17:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/11/02 16:13:42 | 000,014,911 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R_2.0.0.2,B.exe
[2010/11/02 06:13:22 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/01 16:29:06 | 001,525,111 | ---- | C] () -- C:\Documents and Settings\Baptiste\danceinthedark.pdf
[2010/11/01 16:28:24 | 000,068,565 | ---- | C] () -- C:\Documents and Settings\Baptiste\20100908133959_Alejandro.pdf
[2010/11/01 16:10:59 | 000,070,953 | ---- | C] () -- C:\Documents and Settings\Baptiste\20100522163658_Lady Gaga - Poker face.pdf
[2010/11/01 15:56:50 | 000,081,005 | ---- | C] () -- C:\Documents and Settings\Baptiste\20100522163642_Lady Gaga - Paparazzi.pdf
[2010/10/24 16:45:13 | 000,020,119 | ---- | C] () -- C:\Documents and Settings\Baptiste\LG4.png
[2010/10/23 11:00:35 | 000,018,470 | ---- | C] () -- C:\Documents and Settings\Baptiste\LGBTW3.png
[2010/10/23 10:59:32 | 000,020,578 | ---- | C] () -- C:\Documents and Settings\Baptiste\LGBTW2.png
[2010/10/23 10:58:45 | 000,019,514 | ---- | C] () -- C:\Documents and Settings\Baptiste\LGBTW1.png
[2010/09/25 11:12:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/08/23 13:36:48 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/24 16:45:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/06/16 03:09:54 | 000,392,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2010/06/16 03:09:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2010/06/16 03:09:54 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2010/06/14 15:01:02 | 000,174,080 | ---- | C] () -- C:\Documents and Settings\Baptiste\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 14:40:56 | 000,001,346 | ---- | C] () -- C:\Documents and Settings\Administrateur\.recently-used.xbel
[2010/06/14 14:30:00 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 13:15:50 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/14 12:17:12 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/06/14 12:03:55 | 000,002,046 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/14 12:03:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/09/17 03:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 03:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 03:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 03:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 03:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/02 08:00:00 | 000,037,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\isapnp.sys
[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1998/02/10 13:17:48 | 000,038,800 | ---- | C] () -- C:\Documents and Settings\Baptiste\Application Data\ARIALREG.TTF
[1997/06/07 02:47:12 | 000,025,888 | ---- | C] () -- C:\Documents and Settings\Baptiste\Application Data\regressi.fon
========== LOP Check ==========
[2010/06/14 14:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\inkscape
[2010/10/24 04:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\BitTorrent
[2010/09/22 08:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\FileZilla
[2010/06/14 12:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\inkscape
[2010/11/06 03:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\LimeWire
[2010/06/16 04:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\NeatImage SL
[2010/06/25 14:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Nvu
[2010/09/12 04:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Octoshape
[2010/07/02 04:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Opera
[2010/10/17 12:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Synthesia
[2010/06/16 07:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Vara Software
[2010/10/10 14:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\VDownloader
[2010/11/02 06:13:32 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AEC.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
[2004/08/03 16:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
< MD5 for: AGP440.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ALG.EXE >
[2008/04/13 22:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe
[2008/04/13 22:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe
[2006/03/02 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=B43CC0F07752D456038CD0268E4D84E9 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe
< MD5 for: ATAPI.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006/03/02 08:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CSRSS.EXE >
[2006/03/02 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6EDCA12F58A4513637AF2DEBB1629BC8 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008/04/13 22:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 22:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\system32\csrss.exe
< MD5 for: CTFMON.EXE >
[2008/04/13 22:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/13 22:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2006/03/02 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
< MD5 for: DISK.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/03/02 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
< MD5 for: EVENTLOG.DLL >
[2006/03/02 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2006/03/02 08:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: I8042PRT.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/13 22:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/13 22:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2006/03/02 08:00:00 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
< MD5 for: IPSEC.SYS >
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006/03/02 08:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
< MD5 for: MOUNTMGR.SYS >
[2006/03/02 08:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
< MD5 for: MRXSMB.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/03/02 08:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB980232_0$\mrxsmb.sys
[2010/02/24 08:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006/03/02 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: RASACD.SYS >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 13:47:22 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2010/09/10 01:50:13 | 011,080,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2010/09/10 01:50:14 | 001,986,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2010/07/27 02:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010/06/14 13:12:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/06/14 13:12:50 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/06/14 13:12:50 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
OTL logfile created on: 11/6/2010 4:44:12 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,023.00 Mb Total Physical Memory | 811.00 Mb Available Physical Memory | 79.00% Memory free
906.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 24.49 Gb Free Space | 13.14% Space Free | Partition Type: NTFS
Drive I: | 983.72 Mb Total Space | 96.84 Mb Free Space | 9.84% Space Free | Partition Type: FAT
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/23 07:40:22 | 002,950,744 | ---- | M] () [Auto] -- C:\Program Files\Fichiers communs\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/08/13 06:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- I:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- I:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/09/17 03:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 22:04:35 | 000,037,632 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2005/05/23 14:29:00 | 000,392,448 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2001/08/17 17:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Baptiste_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\Baptiste_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Baptiste_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Maël.CHAMBRE_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 06:47:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 16:37:23 | 000,000,000 | ---D | M]
[2010/11/05 18:40:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 16:09:35 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/27 16:09:35 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/27 16:09:35 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/27 16:09:35 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/27 16:09:35 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml
O1 HOSTS File: ([2010/06/15 13:39:18 | 000,404,421 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13983 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Baptiste_ON_C..\Run: [Octoshape Streaming Services] C:\Documents and Settings\Baptiste\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\Baptiste_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Baptiste_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Baptiste\Menu Démarrer\Programmes\Démarrage\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Maël\Menu Démarrer\Programmes\Démarrage\GameRanger.lnk = C:\Documents and Settings\Administrateur\Application Data\GameRanger\GameRanger\GameRanger.exe File not found
O4 - Startup: C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrateur_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Baptiste_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Baptiste_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Maël.CHAMBRE_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-wind... (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.241,93.188.160.51
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/04 17:17:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/06 03:37:18 | 000,000,234 | -H-- | M] () - I:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2010/11/05 18:06:01 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/05 12:42:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/02 16:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/11/02 06:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/10/31 17:51:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService.AUTORITE NT\IETldCache
[2010/10/24 03:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Downloads
[2010/10/23 09:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Autres
[2010/10/23 09:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Télévision
[2010/10/23 09:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Newsroom
[2010/10/23 09:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Météo
[2010/10/23 09:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Avatars Lady Gaga
[2010/10/23 08:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Logiciels
[2010/10/23 08:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Documents
[2010/10/23 08:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Mes documents\Graphisme
[2010/10/21 12:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Evariste
[2010/10/17 12:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Application Data\Synthesia
[2010/10/17 11:53:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/10/17 11:53:10 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/10/17 11:52:22 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/10/17 11:52:22 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/10/17 11:52:22 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/10/17 11:52:22 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/10/17 11:52:22 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/10/17 11:52:22 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/10/17 11:52:21 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/10/17 11:52:21 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010/10/17 11:52:21 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010/10/17 11:52:21 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010/10/17 11:52:21 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010/10/17 11:52:21 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010/10/17 11:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/10/15 10:59:03 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/15 10:59:03 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/15 10:58:32 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/11 12:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService.AUTORITE NT\IETldCache
[2010/10/10 14:38:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Application Data\VDownloader
[2010/10/10 14:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Baptiste\Local Settings\Application Data\VDownloader
[2010/10/10 14:27:29 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/10/10 14:16:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/10/10 14:16:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/10/10 14:16:14 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/10/10 14:16:14 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/10/10 14:16:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/10/10 14:16:13 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/10/10 14:16:11 | 000,000,000 | ---D | C] -- C:\fee61fe0bda12b7ff8b9df2cf9c3ed
[2010/10/10 13:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
[2010/10/10 13:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\YouTUBE (TM) movie downloader
[2010/06/16 03:09:54 | 000,098,304 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd2.dll
[2010/06/16 03:09:54 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2010/06/16 03:09:54 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/06 10:28:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/06 10:25:22 | 000,005,187 | ---- | M] () -- C:\Documents and Settings\Baptiste\.recently-used.xbel
[2010/11/06 10:25:17 | 000,287,101 | ---- | M] () -- C:\Documents and Settings\Baptiste\rect370042.png
[2010/11/06 10:25:05 | 000,023,326 | ---- | M] () -- C:\Documents and Settings\Baptiste\rect37042.png
[2010/11/06 10:16:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1454471165-1417001333-1004UA.job
[2010/11/06 09:10:44 | 000,174,080 | ---- | M] () -- C:\Documents and Settings\Baptiste\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/06 08:56:05 | 000,067,958 | ---- | M] () -- C:\Documents and Settings\Baptiste\rect28300.png
[2010/11/06 03:31:51 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/06 03:31:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-1454471165-1417001333-1004.job
[2010/11/05 17:17:50 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\Google Chrome.lnk
[2010/11/05 17:17:50 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\Baptiste\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 13:24:11 | 003,903,424 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\Combo-Fix.exe
[2010/11/04 14:00:37 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\dds.scr
[2010/11/04 13:56:16 | 000,013,700 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/02 16:30:41 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R.lnk
[2010/11/02 16:17:21 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/11/02 16:13:46 | 000,014,911 | ---- | M] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R_2.0.0.2,B.exe
[2010/11/02 06:13:32 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/01 16:29:06 | 001,525,111 | ---- | M] () -- C:\Documents and Settings\Baptiste\danceinthedark.pdf
[2010/11/01 16:28:24 | 000,068,565 | ---- | M] () -- C:\Documents and Settings\Baptiste\20100908133959_Alejandro.pdf
[2010/11/01 16:10:59 | 000,070,953 | ---- | M] () -- C:\Documents and Settings\Baptiste\20100522163658_Lady Gaga - Poker face.pdf
[2010/11/01 15:56:50 | 000,081,005 | ---- | M] () -- C:\Documents and Settings\Baptiste\20100522163642_Lady Gaga - Paparazzi.pdf
[2010/10/31 18:03:45 | 000,498,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/31 14:00:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-1454471165-1417001333-1004.job
[2010/10/31 02:40:36 | 000,500,454 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/10/31 02:40:36 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 02:40:36 | 000,080,508 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/10/31 02:40:36 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/25 01:47:24 | 000,055,076 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/24 16:45:13 | 000,020,119 | ---- | M] () -- C:\Documents and Settings\Baptiste\LG4.png
[2010/10/23 11:00:36 | 000,018,470 | ---- | M] () -- C:\Documents and Settings\Baptiste\LGBTW3.png
[2010/10/23 10:59:32 | 000,020,578 | ---- | M] () -- C:\Documents and Settings\Baptiste\LGBTW2.png
[2010/10/23 10:58:45 | 000,019,514 | ---- | M] () -- C:\Documents and Settings\Baptiste\LGBTW1.png
[2010/10/19 01:16:03 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1454471165-1417001333-1004Core.job
[2010/10/15 17:00:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 12:16:29 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Baptiste\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/06 10:25:22 | 000,005,187 | ---- | C] () -- C:\Documents and Settings\Baptiste\.recently-used.xbel
[2010/11/06 10:25:17 | 000,287,101 | ---- | C] () -- C:\Documents and Settings\Baptiste\rect370042.png
[2010/11/06 10:25:05 | 000,023,326 | ---- | C] () -- C:\Documents and Settings\Baptiste\rect37042.png
[2010/11/06 08:56:05 | 000,067,958 | ---- | C] () -- C:\Documents and Settings\Baptiste\rect28300.png
[2010/11/05 13:23:55 | 003,903,424 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\Combo-Fix.exe
[2010/11/04 14:00:33 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\dds.scr
[2010/11/02 16:30:41 | 000,001,554 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R.lnk
[2010/11/02 16:17:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System\cmicnfg.ini
[2010/11/02 16:13:42 | 000,014,911 | ---- | C] () -- C:\Documents and Settings\Baptiste\Bureau\AD-R_2.0.0.2,B.exe
[2010/11/02 06:13:22 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/01 16:29:06 | 001,525,111 | ---- | C] () -- C:\Documents and Settings\Baptiste\danceinthedark.pdf
[2010/11/01 16:28:24 | 000,068,565 | ---- | C] () -- C:\Documents and Settings\Baptiste\20100908133959_Alejandro.pdf
[2010/11/01 16:10:59 | 000,070,953 | ---- | C] () -- C:\Documents and Settings\Baptiste\20100522163658_Lady Gaga - Poker face.pdf
[2010/11/01 15:56:50 | 000,081,005 | ---- | C] () -- C:\Documents and Settings\Baptiste\20100522163642_Lady Gaga - Paparazzi.pdf
[2010/10/24 16:45:13 | 000,020,119 | ---- | C] () -- C:\Documents and Settings\Baptiste\LG4.png
[2010/10/23 11:00:35 | 000,018,470 | ---- | C] () -- C:\Documents and Settings\Baptiste\LGBTW3.png
[2010/10/23 10:59:32 | 000,020,578 | ---- | C] () -- C:\Documents and Settings\Baptiste\LGBTW2.png
[2010/10/23 10:58:45 | 000,019,514 | ---- | C] () -- C:\Documents and Settings\Baptiste\LGBTW1.png
[2010/09/25 11:12:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/08/23 13:36:48 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/24 16:45:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/06/16 03:09:54 | 000,392,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2010/06/16 03:09:54 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2010/06/16 03:09:54 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2010/06/14 15:01:02 | 000,174,080 | ---- | C] () -- C:\Documents and Settings\Baptiste\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 14:40:56 | 000,001,346 | ---- | C] () -- C:\Documents and Settings\Administrateur\.recently-used.xbel
[2010/06/14 14:30:00 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 13:15:50 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/14 12:17:12 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2010/06/14 12:03:55 | 000,002,046 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/14 12:03:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/09/17 03:55:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/17 03:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/17 03:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/17 03:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/17 03:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/02 08:00:00 | 000,037,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\isapnp.sys
[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1998/02/10 13:17:48 | 000,038,800 | ---- | C] () -- C:\Documents and Settings\Baptiste\Application Data\ARIALREG.TTF
[1997/06/07 02:47:12 | 000,025,888 | ---- | C] () -- C:\Documents and Settings\Baptiste\Application Data\regressi.fon
========== LOP Check ==========
[2010/06/14 14:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\inkscape
[2010/10/24 04:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\BitTorrent
[2010/09/22 08:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\FileZilla
[2010/06/14 12:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\inkscape
[2010/11/06 03:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\LimeWire
[2010/06/16 04:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\NeatImage SL
[2010/06/25 14:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Nvu
[2010/09/12 04:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Octoshape
[2010/07/02 04:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Opera
[2010/10/17 12:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Synthesia
[2010/06/16 07:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\Vara Software
[2010/10/10 14:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Baptiste\Application Data\VDownloader
[2010/11/02 06:13:32 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
Invalid Environment Variable: %APPDATA%\*.
Invalid Environment Variable: %APPDATA%\*.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AEC.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
[2004/08/03 16:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
< MD5 for: AGP440.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ALG.EXE >
[2008/04/13 22:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe
[2008/04/13 22:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe
[2006/03/02 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=B43CC0F07752D456038CD0268E4D84E9 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe
< MD5 for: ATAPI.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006/03/02 08:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CSRSS.EXE >
[2006/03/02 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6EDCA12F58A4513637AF2DEBB1629BC8 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008/04/13 22:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 22:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\system32\csrss.exe
< MD5 for: CTFMON.EXE >
[2008/04/13 22:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/13 22:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2006/03/02 08:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=64E41E8FEE655B03E3F19DED21BA5118 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
< MD5 for: DISK.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/03/02 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
< MD5 for: EVENTLOG.DLL >
[2006/03/02 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2006/03/02 08:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: I8042PRT.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:i8042prt.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:i8042prt.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:i8042prt.sys
[2008/04/13 22:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\ServicePackFiles\i386\i8042prt.sys
[2008/04/13 22:00:52 | 000,054,144 | ---- | M] (Microsoft Corporation) MD5=A09BDC4ED10E3B2E0EC27BB94AF32516 -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2006/03/02 08:00:00 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
< MD5 for: IPSEC.SYS >
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006/03/02 08:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
< MD5 for: MOUNTMGR.SYS >
[2006/03/02 08:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
< MD5 for: MRXSMB.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/03/02 08:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB980232_0$\mrxsmb.sys
[2010/02/24 08:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2008/04/13 15:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
< MD5 for: NDIS.SYS >
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006/03/02 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006/03/02 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
< MD5 for: RASACD.SYS >
[2006/03/02 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2006/03/02 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
< MD5 for: REDBOOK.SYS >
[2006/03/02 08:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:redbook.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:redbook.sys
[2010/09/04 05:11:16 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:redbook.sys
[2004/08/19 11:54:52 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS\$NtServicePackUninstall$\redbook.sys
[2008/04/13 21:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\ServicePackFiles\i386\redbook.sys
[2008/04/13 21:57:34 | 000,058,752 | ---- | M] (Microsoft Corporation) MD5=D8EB2A7904DB6C916EB5361878DDCBAE -- C:\WINDOWS\system32\drivers\redbook.sys
< MD5 for: SCECLI.DLL >
[2006/03/02 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SERVICES.EXE >
[2009/02/09 05:53:11 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=51A24094F076961A7FF73E5F7E991D68 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2008/04/13 22:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 22:34:20 | 000,109,056 | ---- | M] (Microsoft Corporation) MD5=54CB50058851D95E56EC70D09F70857F -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/09 07:16:53 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=62789101F9C2401ED598AA2CDE7450C0 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2006/03/02 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=63DCDE1A0D86EEB8924D6738FF616EAD -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009/02/09 06:08:26 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9D6BF82FE50D55F20F8E10E0F6653886 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/09 07:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/09 07:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/09 07:23:48 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=C3FB1D70CB88722267949694BA51759E -- C:\WINDOWS\system32\services.exe
< MD5 for: SMSS.EXE >
[2008/04/13 22:34:22 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=48E430297DA757F5CC2793CCFACAD5E7 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/13 22:34:22 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=48E430297DA757F5CC2793CCFACAD5E7 -- C:\WINDOWS\system32\smss.exe
[2006/03/02 08:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=70A9BCEA4D3B3B4773F9A871F5FEEF57 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
< MD5 for: SPOOLSV.EXE >
[2010/08/17 09:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
< End of report >
Hi again,
Uninstall all the programs installed for the disinfection.
Please read this guide (PDF) to learn more about the risks of the Internet.
If you find this document useful, feel free to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.
See also: Free antispyware: it's useless!
~Edit your first post and mark [résolu] in the title.
If your session name matches your real name, you can change it by editing your posts.