Aller au contenu

Jisca

Membres
  • Compteur de contenus

    34
  • Inscription

  • Dernière visite

Tout ce qui a été posté par Jisca

  1. Bonjour, Je te remercie infiniment pour tout ce travail effectué (étalé sur 4 jours) c'est pas rien Merci aussi pour ta grande disponibilité, la clarté dans les démarches proposées, ton assiduité à me répondre Ça fait deux fois que je viens ici pour demander de l'aide et j'ai toujours reçu un excellent service ! Merci à L'équipe aussi, vous faites un travail formidable ! Bonne semaine à toi aussi ! :super:
  2. Allô Nette amélioration sur navigation et tout ... dernier rapport All processes killed ========== FILES ========== C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk moved successfully. C:\sevinst.exe moved successfully. ========== OTL ========== No active process named FSScrCtl.exe was found! Service MySql stopped successfully! Service MySql deleted successfully! File File not found not found. Service HidServ stopped successfully! Service HidServ deleted successfully! File File not found not found. Service AppMgmt stopped successfully! Service AppMgmt deleted successfully! File File not found not found. Service Apache stopped successfully! Service Apache deleted successfully! File File not found not found. File move failed. C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk scheduled to be moved on reboot. C:\WINDOWS\FSScrCtl.exe moved successfully. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_USERS\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_USERS\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: GC ->Temp folder emptied: 21002309 bytes ->Temporary Internet Files folder emptied: 186550915 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 792 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 660554 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 115879 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 1558 bytes Total Files Cleaned = 199,00 mb [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: GC ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03132011_142615 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk not found! File\Folder C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\Y78ZNR9G\Essais_[qXD4fb]. not found! C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\V440Y70H\AP_ADV_728x90[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\R0WEKU4K\afr[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\R0WEKU4K\analyse-de-hijackthis-t183659[1].html moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\CWGMRRZ3\AP_CPL_728x90[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\CWGMRRZ3\ban_home_728x90[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...
  3. Bonjour merci ! Voici le dernier rapport: OTL logfile created on: 2011-03-13 10:05:35 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GC\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 239,00 Mb Total Physical Memory | 45,00 Mb Available Physical Memory | 19,00% Memory free 826,00 Mb Paging File | 288,00 Mb Available in Paging File | 35,00% Paging File free Paging file location(s): C:\pagefile.sys 600 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,27 Gb Total Space | 22,64 Gb Free Space | 60,74% Space Free | Partition Type: NTFS Computer Name: GHISLAINE | User Name: GC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\GC\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\FSScrCtl.exe (Stardust Software) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\GC\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MySql) -- File not found SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (Apache) -- File not found SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc) DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = La Poésie que j'aime ... - 1999-2011- le site officiel IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" [2010-09-25 20:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions [2010-09-25 20:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2005-06-23 10:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010-09-25 20:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions [2010-09-25 20:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2005-06-27 09:17:20 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011-03-09 21:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-28 09:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2003-04-24 08:00:00 | 000,000,790 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1004..\RunOnce: [shockwave Updater] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..Trusted Domains: lapoesiequejaime.net ([]https in Sites de confiance) O15 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..Trusted Domains: live.ca ([]https in Sites de confiance) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.) O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab (Malicious Software Removal Tool) O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Technical difficulties (Windows Live Safety Center Base Module) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38044.6048148148 (Reg Error: Key error.) O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://fdata.over-blog.com/script/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control) O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-02-27 18:16:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: Ip6FwHlp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282 ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009 ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715 ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167 ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894 ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567 ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353 ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: Ip6FwHlp - File not found ========== Files/Folders - Created Within 30 Days ========== [2011-03-13 10:02:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GC\Bureau\OTL.exe [2011-03-09 21:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Bureau\nettoyage [2011-03-09 19:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GC\Recent [2011-02-27 15:59:04 | 000,360,580 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2011-02-27 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\eSellerate [2011-02-27 15:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Mes documents\docXConverter logs [2011-02-27 15:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\docXConverter3 [2011-02-12 12:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck [2010-06-30 18:59:47 | 017,874,088 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_0_1_setup.exe [2009-11-09 21:55:57 | 000,834,042 | ---- | C] (REBOL Technologies) -- C:\Program Files\altme.exe [2006-07-16 09:58:31 | 002,988,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vwdsetup.exe [2005-02-04 12:05:52 | 012,718,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mp10setup.exe [2005-01-28 12:50:01 | 002,065,552 | ---- | C] (Symantec Corporation) -- C:\Program Files\NAVSetup.exe [2004-09-15 09:14:20 | 000,134,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\o2ksr1a.exe [2004-06-11 10:00:11 | 003,836,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msorun.exe [1999-03-23 10:12:40 | 000,011,264 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Program Files\_SETUP.DLL [1999-03-23 10:12:22 | 000,008,192 | ---- | C] (Stirling Technologies, Inc.) -- C:\Program Files\_ISDEL.EXE ========== Files - Modified Within 30 Days ========== [2011-03-13 10:06:35 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job [2011-03-13 10:02:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GC\Bureau\OTL.exe [2011-03-13 10:00:02 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2011-03-12 20:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-03-11 19:48:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-03-11 19:48:15 | 000,228,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-03-11 16:40:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-03-09 21:04:00 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-03-09 10:12:19 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office FrontPage 2003.lnk [2011-02-27 16:02:22 | 000,010,584 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini [2011-02-27 16:01:54 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys [2011-02-27 15:59:04 | 000,360,580 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll ========== Files Created - No Company Name ========== [2011-03-09 21:03:50 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011-02-27 15:59:04 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys [2011-02-27 15:57:46 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini [2010-08-30 20:07:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-07-02 19:51:28 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Raccourci vers notepad.exe.lnk [2010-01-02 13:51:41 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI [2009-07-24 15:01:08 | 000,049,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009-05-25 11:54:42 | 000,125,177 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2007-08-05 11:01:32 | 000,146,750 | ---- | C] () -- C:\WINDOWS\HPHins13.dat [2007-08-05 11:01:32 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat [2007-08-05 10:01:15 | 000,111,770 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2007-05-18 20:32:45 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini [2006-07-16 10:13:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-07-16 10:12:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006-07-15 20:48:57 | 015,037,696 | ---- | C] () -- C:\Program Files\20060715-006-x86.exe [2005-12-07 15:53:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2005-12-07 15:05:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005-09-25 13:14:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005-08-12 09:15:01 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2005-08-12 09:15:01 | 000,000,674 | ---- | C] () -- C:\WINDOWS\tsc.ini [2005-08-12 09:14:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2005-06-23 10:19:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005-06-23 10:18:43 | 000,014,326 | ---- | C] () -- C:\WINDOWS\mozver.dat [2005-04-06 13:42:00 | 000,045,056 | ---- | C] () -- C:\Program Files\Psp8bf.pfl [2005-03-20 15:50:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config [2005-03-14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2005-03-12 08:58:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005-03-04 14:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2004-12-08 16:30:16 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Graphex3.ini [2004-11-28 16:50:59 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2004-09-14 14:56:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DBQARM.dll [2004-08-19 15:07:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004-08-19 15:07:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CBLEIJI.ini [2004-04-29 09:45:35 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\fusioncache.dat [2004-04-24 12:12:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2004-03-05 15:07:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004-03-01 16:03:55 | 000,000,076 | ---- | C] () -- C:\WINDOWS\KMGDI.INI [2004-03-01 13:56:54 | 000,000,755 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-02-27 18:27:40 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2004-02-27 18:19:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004-02-27 18:14:13 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004-02-27 11:25:16 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004-02-27 11:24:16 | 000,228,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003-08-29 14:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_03-20-2005_11h21.ini [2003-08-29 14:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_20h56.ini [2003-08-29 14:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_19h39.ini [2003-08-23 00:01:48 | 000,744,128 | ---- | C] () -- C:\Program Files\_SETUP.1 [2003-08-23 00:01:48 | 000,000,511 | ---- | C] () -- C:\Program Files\SETUP.PKG [2003-08-23 00:01:48 | 000,000,005 | ---- | C] () -- C:\Program Files\DISK1.ID [2003-08-23 00:01:46 | 000,210,195 | ---- | C] () -- C:\Program Files\_SETUP.LIB [2003-08-23 00:01:46 | 000,000,029 | ---- | C] () -- C:\Program Files\SETUP.INI [2003-04-24 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003-04-24 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003-04-24 08:00:00 | 000,570,506 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2003-04-24 08:00:00 | 000,493,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003-04-24 08:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2003-04-24 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003-04-24 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003-04-24 08:00:00 | 000,113,862 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2003-04-24 08:00:00 | 000,094,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003-04-24 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003-04-24 08:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2003-04-24 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003-04-24 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003-04-24 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999-07-23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999-07-23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1999-04-08 12:26:40 | 000,081,342 | ---- | C] () -- C:\Program Files\SETUP.INS [1999-03-23 10:12:22 | 000,294,079 | ---- | C] () -- C:\Program Files\_INST32I.EX_ [1999-01-22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010-01-02 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009-01-11 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2011-01-16 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2010-08-02 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0 [2008-08-05 09:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ [2010-05-28 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express [2009-05-25 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC [2008-10-26 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum [2007-08-09 09:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress [2008-02-01 13:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache [2010-01-02 17:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean [2008-06-03 09:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software [2010-09-05 16:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2004-11-09 15:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media [2006-07-22 11:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center [2005-05-15 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView [2011-03-13 10:00:02 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [2011-03-13 10:06:35 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.sys /lockedfiles > < %ALLUSERSPROFILE%\Application Data\*. > [2010-10-09 16:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008-01-11 14:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007-04-12 09:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010-02-09 13:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2010-02-09 13:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira(3) [2007-08-04 11:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard [2007-08-05 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2008-11-06 16:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2007-08-05 11:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY [2008-09-12 14:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2008-11-03 15:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009-12-29 16:08:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2006-07-17 15:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2007-06-17 08:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2009-12-30 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2005-06-23 09:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2006-11-21 11:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010-07-28 09:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010-01-02 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007-08-04 11:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2005-10-13 08:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009-01-11 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010-09-21 14:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AcrobatUpdater.exe [2010-09-21 14:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AdobeARM.exe [2010-09-21 14:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\ReaderUpdater.exe [2009-01-06 14:50:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe [2009-07-01 20:17:38 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe [2011-03-12 12:31:24 | 000,405,249 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe [2009-05-14 09:56:20 | 002,967,799 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe < %APPDATA%\*. > [2010-09-05 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Adobe [2006-07-31 15:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\AdobeUM [2009-07-24 14:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Apple Computer [2011-01-16 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2007-08-09 13:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Creative [2009-02-11 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ESTsoft [2009-12-30 16:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Google [2010-08-02 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0 [2004-03-02 18:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Help [2007-08-04 11:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HP [2011-03-12 20:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HpUpdate [2008-08-05 09:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ [2006-08-08 10:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Identities [2010-05-28 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express [2009-05-25 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC [2008-10-26 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum [2007-02-21 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Lavasoft [2004-12-25 10:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Macromedia [2008-11-03 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Malwarebytes [2011-03-09 15:33:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\GC\Application Data\Microsoft [2005-06-27 10:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Microsoft Web Folders [2011-03-09 21:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Mozilla [2007-06-17 08:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\MSN6 [2007-08-09 09:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress [2008-02-01 13:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache [2005-12-09 12:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Real [2010-01-02 17:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean [2006-11-21 11:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Skype [2004-03-23 10:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Sun [2004-02-27 19:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Symantec [2005-06-25 18:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Talkback [2008-06-03 09:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software [2010-09-05 16:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2004-11-09 15:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media [2006-07-22 11:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center [2008-04-05 14:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\WinRAR [2005-05-15 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView < %APPDATA%\*.exe /s > [2011-03-09 15:33:31 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe < %SYSTEMDRIVE%\*.exe > [2005-04-01 12:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe < %SYSTEMDRIVE%\*.exe > [2005-04-01 12:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe < MD5 for: AGP440.SYS > [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2003-04-24 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: CDROM.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 01:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: CHANGER.SYS > [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008-04-13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [2004-08-04 02:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys < MD5 for: DISK.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004-08-04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2004-08-19 19:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2007-06-13 09:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007-06-13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NDIS.SYS > [2008-04-13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 02:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys < MD5 for: NETLOGON.DLL > [2008-04-13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008-04-13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004-08-19 19:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: RASACD.SYS > [2003-04-24 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2003-04-24 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys < MD5 for: RDPWD.SYS > [2005-06-10 00:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008-04-13 22:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008-04-13 22:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005-06-10 00:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$hf_mig$\KB899591\SP2GDR\rdpwd.sys [2005-06-10 00:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys < MD5 for: SCECLI.DLL > [2004-08-19 19:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008-04-13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008-04-13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < MD5 for: SFLOPPY.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004-08-04 01:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008-04-13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008-04-13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys < MD5 for: SPLITTER.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006-06-14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2006-06-14 04:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008-04-13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008-04-13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys < MD5 for: SWMIDI.SYS > [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008-04-13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008-04-13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001-08-17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys < MD5 for: TCPIP.SYS > [2006-01-13 13:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys [2006-01-12 22:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$hf_mig$\KB913446\SP2GDR\tcpip.sys [2005-05-25 15:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys [2007-10-30 12:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2005-05-25 15:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$hf_mig$\KB893066\SP2GDR\tcpip.sys [2007-10-30 13:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008-04-13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008-06-20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008-06-20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2008-06-20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006-04-20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys < MD5 for: TDPIPE.SYS > [2004-08-19 19:10:18 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008-04-13 22:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008-04-13 22:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys < MD5 for: TDTCP.SYS > [2008-04-13 22:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008-04-13 22:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004-08-19 19:10:18 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys < MD5 for: USBPRINT.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004-08-04 02:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008-04-13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008-04-13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys < MD5 for: USBSCAN.SYS > [2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys [2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008-04-13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008-04-13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-04 01:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys < MD5 for: USERINIT.EXE > [2004-08-19 19:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004-08-19 19:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010-12-20 19:53:03 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll < %systemroot%\Tasks\*.job /lockedfiles > < > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > OTL Extras logfile created on: 2011-03-13 10:05:35 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GC\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 239,00 Mb Total Physical Memory | 45,00 Mb Available Physical Memory | 19,00% Memory free 826,00 Mb Paging File | 288,00 Mb Available in Paging File | 35,00% Paging File free Paging file location(s): C:\pagefile.sys 600 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,27 Gb Total Space | 22,64 Gb Free Space | 60,74% Space Free | Partition Type: NTFS Computer Name: GHISLAINE | User Name: GC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorateur Windows -- (Microsoft Corporation) "C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw -- () "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation) "C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe" = C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe:*:Enabled:mysqld ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0012040C-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live "{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24B3EFAE-D2C4-438C-BBF5-49B970A771B6}" = Microsoft Visual Basic 2005 Express Edition - FRA "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 21 "{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46325B79-C284-4ef2-8CDD-3A9E7A1A05AB}" = D2400 "{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F51CDE0-1391-878A-C593-BD340AD9D0DE}" = TweetDeck "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04 "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05 "{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06 "{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger "{7EF7CCB0-52BF-4947-BE6E-E47D586E8842}" = D2400_Help "{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{9017040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.2 - Français "{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe "{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA "{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALUpdate_is1" = ALUpdate "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner (remove only) "docXConverter3_is1" = docXConverter 3.1.2 "EasyPHP_is1" = EasyPHP 1.8 "FileZilla" = FileZilla (remove only) "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Jalbum_0" = Jalbum 8.0 "KeyView for Lotus" = KeyView for Lotus 97 "KittyKitty" = KittyKitty Screen Saver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PhotoFiltre" = PhotoFiltre "Picasa 3" = Picasa 3 "PROSet" = Intel® PRO Network Adapters and Drivers "Scriptocean Javascript Accordion Menu" = Scriptocean Javascript Accordion Menu 1 "Shockwave" = Shockwave "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "WIC" = Windows Imaging Component "Windows Live Safety Scanner" = Windows Live Safety Scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Lecteur Windows Media 11 "Windows XP Service" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.6 "WinLiveSuite_Wave3" = Installation Windows Live "WinRAR archiver" = Archiveur WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2011-03-09 19:50:00 | Computer Name = GHISLAINE | Source = Apache Service | ID = 3299 Description = The Apache service named C:\PROGRA~1\EASYPH~1\Apache\apache.exe reported the following error: >>> fopen: No such file or directory <<< before the error.log file could be opened. More information may be available in the error.log file. . Error - 2011-03-09 19:50:00 | Computer Name = GHISLAINE | Source = Apache Service | ID = 3299 Description = The Apache service named C:\PROGRA~1\EASYPH~1\Apache\apache.exe reported the following error: >>> apache.exe: could not open document config file c:/program files/easyphp1-7/apache/conf/httpd.conf <<< before the error.log file could be opened. More information may be available in the error.log file. . Error - 2011-03-09 19:55:48 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-11 11:22:05 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-12 14:27:54 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée msimn.exe, version 6.0.2900.5512, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-12 14:30:22 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-12 14:57:29 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-12 16:34:57 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-12 17:13:26 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. Error - 2011-03-12 21:23:09 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002 Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000. [ System Events ] Error - 2011-03-11 19:49:01 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000 Description = Le service Apache n'a pas pu démarrer en raison de l'erreur : %%3 Error - 2011-03-11 19:49:01 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000 Description = Le service MySql n'a pas pu démarrer en raison de l'erreur : %%3 Error - 2011-03-11 19:50:39 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7022 Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage. Error - 2011-03-12 17:22:06 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000 Description = Le service Apache n'a pas pu démarrer en raison de l'erreur : %%3 Error - 2011-03-12 17:22:06 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000 Description = Le service MySql n'a pas pu démarrer en raison de l'erreur : %%3 Error - 2011-03-12 17:23:34 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7022 Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage. Error - 2011-03-12 20:37:34 | Computer Name = GHISLAINE | Source = DCOM | ID = 10010 Description = Le serveur {AF33D987-474A-4EC8-ABDF-95BFF906C469} ne s'est pas enregistré sur DCOM avant la fin du temps imparti. Error - 2011-03-12 20:39:44 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000 Description = Le service Apache n'a pas pu démarrer en raison de l'erreur : %%3 Error - 2011-03-12 20:39:44 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000 Description = Le service MySql n'a pas pu démarrer en raison de l'erreur : %%3 Error - 2011-03-12 20:42:07 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7022 Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage. < End of report >
  4. Allô, Toute une misère avec ça. Mon Pc est redevenu tout aussi lent et bloque malgré tout ce travail Je reçois le message suivant quand je travaille : "Un script de cette animation ralentit l'exécution d'Adope flash player 10." Et on me demande de le suspendre pour que l'ordi fonctionne. Je le suspends mais juste d'écrire ce message me prend une éternité. Un script qui ne s'éxécute pas serait donc la bête à abattre !?!!?? %&?*?$* #désespérée P.S. informations supllémentaires au cas où: J'ai redémarré mon PC après avoir envoyé mon message et 4 programmes se sont fermés : 1- lgfx tray 2- msnmsgr.exe (je m'en sers jamais) 3- FSScrCTL 4- Alerts timer Window N.B. je peux écrire normalement maintenant !!!!!!!!! ________________________________ voici le rapport du scan demandé: Avira AntiVir Personal Date de création du fichier de rapport : 12 mars 2011 13:48 La recherche porte sur 2486199 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : GHISLAINE Informations de version : BUILD.DAT : 9.0.0.81 21698 Bytes 2010-10-22 12:02:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 2009-10-13 16:25:46 AVSCAN.DLL : 9.0.3.0 49409 Bytes 2009-03-03 15:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 2009-02-20 16:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 2009-03-03 15:21:31 VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 12:35:52 VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 14:16:05 VBASE002.VDF : 7.11.3.0 1950720 Bytes 2011-02-09 01:10:06 VBASE003.VDF : 7.11.3.1 2048 Bytes 2011-02-09 01:10:07 VBASE004.VDF : 7.11.3.2 2048 Bytes 2011-02-09 01:10:07 VBASE005.VDF : 7.11.3.3 2048 Bytes 2011-02-09 01:10:07 VBASE006.VDF : 7.11.3.4 2048 Bytes 2011-02-09 01:10:08 VBASE007.VDF : 7.11.3.5 2048 Bytes 2011-02-09 01:10:08 VBASE008.VDF : 7.11.3.6 2048 Bytes 2011-02-09 01:10:08 VBASE009.VDF : 7.11.3.7 2048 Bytes 2011-02-09 01:10:09 VBASE010.VDF : 7.11.3.8 2048 Bytes 2011-02-09 01:10:09 VBASE011.VDF : 7.11.3.9 2048 Bytes 2011-02-09 01:10:09 VBASE012.VDF : 7.11.3.10 2048 Bytes 2011-02-09 01:10:09 VBASE013.VDF : 7.11.3.59 157184 Bytes 2011-02-14 01:10:11 VBASE014.VDF : 7.11.3.97 120320 Bytes 2011-02-16 00:49:29 VBASE015.VDF : 7.11.3.148 128000 Bytes 2011-02-19 00:49:30 VBASE016.VDF : 7.11.3.183 140288 Bytes 2011-02-22 00:49:31 VBASE017.VDF : 7.11.3.216 124416 Bytes 2011-02-24 00:49:32 VBASE018.VDF : 7.11.3.251 159232 Bytes 2011-02-28 00:49:34 VBASE019.VDF : 7.11.4.33 148992 Bytes 2011-03-02 00:49:35 VBASE020.VDF : 7.11.4.73 150016 Bytes 2011-03-06 00:49:35 VBASE021.VDF : 7.11.4.108 122880 Bytes 2011-03-08 00:49:36 VBASE022.VDF : 7.11.4.150 133120 Bytes 2011-03-10 00:49:37 VBASE023.VDF : 7.11.4.151 2048 Bytes 2011-03-10 00:49:37 VBASE024.VDF : 7.11.4.152 2048 Bytes 2011-03-10 00:49:37 VBASE025.VDF : 7.11.4.153 2048 Bytes 2011-03-10 00:49:37 VBASE026.VDF : 7.11.4.154 2048 Bytes 2011-03-10 00:49:38 VBASE027.VDF : 7.11.4.155 2048 Bytes 2011-03-10 00:49:38 VBASE028.VDF : 7.11.4.156 2048 Bytes 2011-03-10 00:49:38 VBASE029.VDF : 7.11.4.157 2048 Bytes 2011-03-10 00:49:38 VBASE030.VDF : 7.11.4.158 2048 Bytes 2011-03-10 00:49:38 VBASE031.VDF : 7.11.4.177 80896 Bytes 2011-03-12 16:33:13 Version du moteur : 8.2.4.180 AEVDF.DLL : 8.1.2.1 106868 Bytes 2010-08-16 01:35:19 AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 2011-03-11 00:49:48 AESCN.DLL : 8.1.7.2 127349 Bytes 2010-11-28 00:21:51 AESBX.DLL : 8.1.3.2 254324 Bytes 2010-11-28 00:21:53 AERDL.DLL : 8.1.9.2 635252 Bytes 2010-11-01 14:10:09 AEPACK.DLL : 8.2.4.11 520566 Bytes 2011-03-11 00:49:46 AEOFFICE.DLL : 8.1.1.17 205177 Bytes 2011-03-11 00:49:45 AEHEUR.DLL : 8.1.2.83 3338613 Bytes 2011-03-11 00:49:44 AEHELP.DLL : 8.1.16.1 246134 Bytes 2011-02-15 01:10:18 AEGEN.DLL : 8.1.5.2 397683 Bytes 2011-02-15 01:10:17 AEEMU.DLL : 8.1.3.0 393589 Bytes 2010-11-28 00:21:42 AECORE.DLL : 8.1.19.2 196983 Bytes 2011-02-15 01:10:16 AEBB.DLL : 8.1.1.0 53618 Bytes 2010-04-24 21:13:24 AVWINLL.DLL : 9.0.0.3 18177 Bytes 2008-12-12 13:47:30 AVPREF.DLL : 9.0.3.0 44289 Bytes 2009-08-26 20:13:31 AVREP.DLL : 10.0.0.9 174120 Bytes 2011-03-11 00:49:48 AVREG.DLL : 9.0.0.0 36609 Bytes 2008-11-07 20:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 2009-03-24 20:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 2009-01-30 15:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 2009-01-28 20:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2009-02-02 13:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 2008-11-07 20:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 2009-06-17 18:44:26 RCTEXT.DLL : 9.0.73.0 88321 Bytes 2009-11-02 21:58:32 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Début de la recherche : 12 mars 2011 13:48 La recherche d'objets cachés commence. '67865' objets ont été contrôlés, '0' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpqbam08.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SMAgent.exe' - '1' module(s) sont contrôlés Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés Processus de recherche 'FSScrCtl.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés Processus de recherche 'SMax4.exe' - '1' module(s) sont contrôlés Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '44' processus ont été contrôlés avec '44' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '59' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. Fin de la recherche : 12 mars 2011 15:30 Temps nécessaire: 1:41:41 Heure(s) La recherche a été effectuée intégralement 8920 Les répertoires ont été contrôlés 407010 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 407009 Fichiers non infectés 1348 Les archives ont été contrôlées 1 Avertissements 1 Consignes 67865 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés ----------------------------------------------- Merci pour tout, surtout, pour supporter ma mauvaise humeur )
  5. Bonjour, J'ai tenté à plusieurs reprises de faire le scan, mais je ne réussis pas. Pourtant, j'ai exécuté vos indications/video tel qu'expliqué. Je crois que le contrôle "activex" ne s'enregistre pas correctement, il y a un icône jaune qui indique une erreur dans le coin gauche lors du téléchargement du contrôle. Il essaie de scanner, mais au bout 20 sec, il m'indique que le scan n'a pas réussi. J'ai vérifié le niveau de sécurité et j'ai autorisé le contrôle activex au cas où. Pour le moment, je suis sans solutions... ???
  6. Merci ! il y a une nette amélioration je crois que vais recommencer à l'aimer voici le rapport demandé OTL logfile created on: 2011-03-11 09:54:23 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GC\Bureau\nettoyage Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 239,00 Mb Total Physical Memory | 61,00 Mb Available Physical Memory | 25,00% Memory free 586,00 Mb Paging File | 100,00 Mb Available in Paging File | 17,00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,27 Gb Total Space | 23,14 Gb Free Space | 62,10% Space Free | Partition Type: NTFS Computer Name: GHISLAINE | User Name: GC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\GC\Bureau\nettoyage\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\FSScrCtl.exe (Stardust Software) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\GC\Bureau\nettoyage\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (MySql) -- File not found SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (Apache) -- File not found SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc) DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = La Poésie que j'aime ... - 1999-2011- le site officiel IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2005-06-23 09:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2005-06-27 08:17:20 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011-03-09 20:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-28 08:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2003-04-24 07:00:00 | 000,000,790 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKCU..\RunOnce: [shockwave Updater] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: lapoesiequejaime.net ([]https in Sites de confiance) O15 - HKCU\..Trusted Domains: live.ca ([]https in Sites de confiance) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.) O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab (Malicious Software Removal Tool) O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Free Online Virus Scan - BitDefender Online Scanner (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Technical difficulties (Windows Live Safety Center Base Module) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38044.6048148148 (Reg Error: Key error.) O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://fdata.over-blog.com/script/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control) O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-02-27 17:16:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: Ip6FwHlp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282 ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009 ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715 ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167 ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894 ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567 ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353 ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: Ip6FwHlp - File not found ========== Files/Folders - Created Within 30 Days ========== [2011-03-10 18:20:17 | 000,000,000 | ---D | C] -- C:\_OTL [2011-03-09 20:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Bureau\nettoyage [2011-03-09 18:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GC\Recent [2011-02-27 14:59:04 | 000,360,580 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2011-02-27 14:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\eSellerate [2011-02-27 14:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Mes documents\docXConverter logs [2011-02-27 14:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\docXConverter3 [2011-02-12 11:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck [2010-06-30 17:59:47 | 017,874,088 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_0_1_setup.exe [2009-11-09 20:55:57 | 000,834,042 | ---- | C] (REBOL Technologies) -- C:\Program Files\altme.exe [2006-07-16 08:58:31 | 002,988,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vwdsetup.exe [2005-02-04 11:05:52 | 012,718,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mp10setup.exe [2005-01-28 11:50:01 | 002,065,552 | ---- | C] (Symantec Corporation) -- C:\Program Files\NAVSetup.exe [2004-09-15 08:14:20 | 000,134,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\o2ksr1a.exe [2004-06-11 09:00:11 | 003,836,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msorun.exe [1999-03-23 09:12:40 | 000,011,264 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Program Files\_SETUP.DLL [1999-03-23 09:12:22 | 000,008,192 | ---- | C] (Stirling Technologies, Inc.) -- C:\Program Files\_ISDEL.EXE ========== Files - Modified Within 30 Days ========== [2011-03-11 10:05:08 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job [2011-03-11 10:00:05 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2011-03-10 18:24:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-03-09 20:04:00 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011-03-09 11:15:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-03-09 09:12:19 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office FrontPage 2003.lnk [2011-03-04 15:40:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-02-27 15:02:22 | 000,010,584 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini [2011-02-27 15:01:54 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys [2011-02-27 14:59:04 | 000,360,580 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2011-02-10 03:27:57 | 000,228,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011-03-09 20:03:50 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011-02-27 14:59:04 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys [2011-02-27 14:57:46 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini [2010-08-30 19:07:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-07-02 18:51:28 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Raccourci vers notepad.exe.lnk [2010-01-02 12:51:41 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI [2009-07-24 14:01:08 | 000,049,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009-05-25 10:54:42 | 000,125,177 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2007-08-05 10:01:32 | 000,146,750 | ---- | C] () -- C:\WINDOWS\HPHins13.dat [2007-08-05 10:01:32 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat [2007-08-05 09:01:15 | 000,111,770 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2007-05-18 19:32:45 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini [2006-08-20 13:22:00 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\swreg.exe [2006-08-20 13:22:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2006-07-16 09:13:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-07-16 09:12:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006-07-15 19:48:57 | 015,037,696 | ---- | C] () -- C:\Program Files\20060715-006-x86.exe [2005-12-07 14:53:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2005-12-07 14:05:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005-09-25 12:14:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005-08-12 08:15:01 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2005-08-12 08:15:01 | 000,000,674 | ---- | C] () -- C:\WINDOWS\tsc.ini [2005-08-12 08:14:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2005-06-23 09:19:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005-06-23 09:18:43 | 000,014,326 | ---- | C] () -- C:\WINDOWS\mozver.dat [2005-04-06 12:42:00 | 000,045,056 | ---- | C] () -- C:\Program Files\Psp8bf.pfl [2005-03-20 14:50:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config [2005-03-14 12:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2005-03-12 07:58:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005-03-04 13:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2004-12-08 15:30:16 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Graphex3.ini [2004-11-28 15:50:59 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2004-09-14 13:56:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DBQARM.dll [2004-08-19 14:07:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004-08-19 14:07:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CBLEIJI.ini [2004-04-29 08:45:35 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\fusioncache.dat [2004-04-24 11:12:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2004-03-05 14:07:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004-03-01 15:03:55 | 000,000,076 | ---- | C] () -- C:\WINDOWS\KMGDI.INI [2004-03-01 12:56:54 | 000,000,755 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-02-27 17:27:40 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2004-02-27 17:19:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004-02-27 17:14:13 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004-02-27 10:25:16 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004-02-27 10:24:16 | 000,228,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003-08-29 13:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_03-20-2005_11h21.ini [2003-08-29 13:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_20h56.ini [2003-08-29 13:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_19h39.ini [2003-08-22 23:01:48 | 000,744,128 | ---- | C] () -- C:\Program Files\_SETUP.1 [2003-08-22 23:01:48 | 000,000,511 | ---- | C] () -- C:\Program Files\SETUP.PKG [2003-08-22 23:01:48 | 000,000,005 | ---- | C] () -- C:\Program Files\DISK1.ID [2003-08-22 23:01:46 | 000,210,195 | ---- | C] () -- C:\Program Files\_SETUP.LIB [2003-08-22 23:01:46 | 000,000,029 | ---- | C] () -- C:\Program Files\SETUP.INI [2003-04-24 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003-04-24 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003-04-24 07:00:00 | 000,570,506 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2003-04-24 07:00:00 | 000,493,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003-04-24 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2003-04-24 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003-04-24 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003-04-24 07:00:00 | 000,113,862 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2003-04-24 07:00:00 | 000,094,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003-04-24 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003-04-24 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2003-04-24 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003-04-24 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003-04-24 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999-07-23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999-07-23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1999-04-08 11:26:40 | 000,081,342 | ---- | C] () -- C:\Program Files\SETUP.INS [1999-03-23 09:12:22 | 000,294,079 | ---- | C] () -- C:\Program Files\_INST32I.EX_ [1999-01-22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010-01-02 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009-01-11 20:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2011-01-16 16:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2010-08-02 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0 [2008-08-05 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ [2010-05-28 06:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express [2009-05-25 19:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC [2008-10-26 09:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum [2007-08-09 08:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress [2008-02-01 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache [2010-01-02 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean [2008-06-03 08:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software [2010-09-05 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2004-11-09 14:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media [2006-07-22 10:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center [2005-05-15 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView [2011-03-11 10:00:05 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [2011-03-11 10:05:08 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.sys /lockedfiles > < %ALLUSERSPROFILE%\Application Data\*. > [2010-10-09 15:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008-01-11 13:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007-04-12 08:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010-02-09 12:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2010-02-09 12:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira(3) [2007-08-04 10:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard [2007-08-05 10:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2008-11-06 15:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2007-08-05 10:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY [2008-09-12 13:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2008-11-03 14:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009-12-29 15:08:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2006-07-17 14:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2007-06-17 07:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2009-12-30 15:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2005-06-23 08:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2006-11-21 10:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010-07-28 08:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010-01-02 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007-08-04 10:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2005-10-13 07:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009-01-11 20:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2010-09-21 13:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AcrobatUpdater.exe [2010-09-21 13:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AdobeARM.exe [2010-09-21 13:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\ReaderUpdater.exe [2009-01-06 13:50:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe [2009-07-01 19:17:38 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe [2009-05-14 08:56:20 | 002,967,799 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe < %APPDATA%\*. > [2010-09-05 15:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Adobe [2006-07-31 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\AdobeUM [2009-07-24 13:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Apple Computer [2011-01-16 16:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2007-08-09 12:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Creative [2009-02-11 13:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ESTsoft [2009-12-30 15:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Google [2010-08-02 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0 [2004-03-02 17:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Help [2007-08-04 10:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HP [2011-01-25 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HpUpdate [2008-08-05 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ [2006-08-08 09:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Identities [2010-05-28 06:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express [2009-05-25 19:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC [2008-10-26 09:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum [2007-02-21 14:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Lavasoft [2004-12-25 09:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Macromedia [2008-11-03 14:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Malwarebytes [2011-03-09 14:33:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\GC\Application Data\Microsoft [2005-06-27 09:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Microsoft Web Folders [2011-03-09 20:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Mozilla [2007-06-17 07:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\MSN6 [2007-08-09 08:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress [2008-02-01 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache [2005-12-09 11:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Real [2010-01-02 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean [2006-11-21 10:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Skype [2004-03-23 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Sun [2004-02-27 18:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Symantec [2005-06-25 17:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Talkback [2008-06-03 08:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software [2010-09-05 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2004-11-09 14:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media [2006-07-22 10:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center [2008-04-05 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\WinRAR [2005-05-15 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView < %APPDATA%\*.exe /s > [2011-03-09 14:33:31 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe < %SYSTEMDRIVE%\*.exe > [2005-04-01 11:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe < %SYSTEMDRIVE%\*.exe > [2005-04-01 11:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe < MD5 for: AGP440.SYS > [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2003-04-24 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: CDROM.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 00:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: CHANGER.SYS > [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008-04-13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [2004-08-04 01:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys < MD5 for: DISK.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004-08-04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008-04-13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008-04-13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2004-08-19 18:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2007-06-13 08:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007-06-13 08:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NDIS.SYS > [2008-04-13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys < MD5 for: NETLOGON.DLL > [2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004-08-19 18:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: RASACD.SYS > [2003-04-24 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2003-04-24 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys < MD5 for: RDPWD.SYS > [2005-06-09 23:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008-04-13 21:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008-04-13 21:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005-06-09 23:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$hf_mig$\KB899591\SP2GDR\rdpwd.sys [2005-06-09 23:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys < MD5 for: SCECLI.DLL > [2004-08-19 18:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < MD5 for: SFLOPPY.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004-08-04 00:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008-04-13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008-04-13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys < MD5 for: SPLITTER.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006-06-14 03:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2006-06-14 03:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008-04-13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008-04-13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys < MD5 for: SWMIDI.SYS > [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008-04-13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008-04-13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001-08-17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys < MD5 for: TCPIP.SYS > [2006-01-13 12:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys [2006-01-12 21:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$hf_mig$\KB913446\SP2GDR\tcpip.sys [2005-05-25 14:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys [2007-10-30 11:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2005-05-25 14:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$hf_mig$\KB893066\SP2GDR\tcpip.sys [2007-10-30 12:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008-04-13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008-06-20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008-06-20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2008-06-20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006-04-20 07:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys < MD5 for: TDPIPE.SYS > [2004-08-19 18:10:18 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008-04-13 21:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008-04-13 21:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys < MD5 for: TDTCP.SYS > [2008-04-13 21:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008-04-13 21:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004-08-19 18:10:18 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys < MD5 for: USBPRINT.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004-08-04 01:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008-04-13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008-04-13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys < MD5 for: USBSCAN.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008-04-13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008-04-13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-04 00:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys < MD5 for: USERINIT.EXE > [2004-08-19 18:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008-04-13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008-04-13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004-08-19 18:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010-12-20 18:53:03 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll < %systemroot%\Tasks\*.job /lockedfiles > < > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
  7. Merci ! Voici le rapport All processes killed ========== FILES ========== File\Folder C:\Program Files\Application Updater not found. File\Folder C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} not found. File\Folder C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\engine@conduit.com not found. File\Folder C:\PROGRAM FILES\FICHIERS COMMUNS\SPIGOT not found. File\Folder C:\PROGRAM FILES\PDFFORGE TOOLBAR not found. File\Folder C:\Documents and Settings\GC\Application Data\Search Settings not found. C:\WINDOWS\System32\lhracdexku.dat moved successfully. File\Folder c:\WINDOWS\system32\lhracdexku_navps.dat not found. C:\WINDOWS\dsez4412.dat moved successfully. C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 folder moved successfully. C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 folder moved successfully. C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} folder moved successfully. File\Folder C:\Documents and Settings\GC\Application Data\pdfforge not found. ========== OTL ========== No active process named ApplicationUpdater.exe was found! Error: No service named Application Updater was found to stop! Service\Driver key Application Updater not found. File C:\Program Files\Application Updater\ApplicationUpdater.exe not found. HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems Folder C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9}\ not found. Folder C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\engine@conduit.com\ not found. Folder C:\PROGRAM FILES\FICHIERS COMMUNS\SPIGOT\WTXPCOM\ not found. Folder C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found. Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found. Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found. Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found. Registry key HKEY_USERS\S-1-5-21-343818398-1960408961-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Starting removal of ActiveX control {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{976f4921-2640-11dc-8840-000cf1a37008}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{976f4921-2640-11dc-8840-000cf1a37008}\ not found. File AdobeR.exe e not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{976f4921-2640-11dc-8840-000cf1a37008}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{976f4921-2640-11dc-8840-000cf1a37008}\ not found. File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 40822 bytes ->Flash cache emptied: 56502 bytes User: GC ->Temp folder emptied: 160382202 bytes ->Temporary Internet Files folder emptied: 216679057 bytes ->Java cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 63897 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 13920 bytes ->Temporary Internet Files folder emptied: 35686986 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 99840 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4992917 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 39946204 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 26789245 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 462,00 mb [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: GC ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03102011_182017 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\Y78ZNR9G\Essais_[qXD4fb]. not found! C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\D6JQH1G7\AP_ADV_728x90[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\D6JQH1G7\ban_home_728x90[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\5JZ2TLMW\afr[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\5JZ2TLMW\analyse-de-hijackthis-t183659[1].html moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\5JZ2TLMW\AP_CPL_728x90[1].htm moved successfully. C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully. Registry entries deleted on Reboot...
  8. Merci pour votre réponse voici les 2 rapports: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6004 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 2011-03-09 18:47:07 mbam-log-2011-03-09 (18-47-07).txt Type d'examen: Examen rapide Elément(s) analysé(s): 148221 Temps écoulé: 11 minute(s), 46 seconde(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 9 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 548 -> Unloaded process successfully. c:\program files\fichiers communs\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 1692 -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal. HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\epk_extr (Trojan.Skintrim) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AXPSHOOK11 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AXPSHOOK11 (Rogue.SpywareNukerXT) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\FICHIERS COMMUNS\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal. c:\program files\pdfforge toolbar\IE\4.3\pdfforgetoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully. c:\program files\fichiers communs\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully. ----------------- OTL logfile created on: 2011-03-09 19:05:38 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GC\Bureau Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 239,00 Mb Total Physical Memory | 51,00 Mb Available Physical Memory | 21,00% Memory free 586,00 Mb Paging File | 211,00 Mb Available in Paging File | 36,00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37,27 Gb Total Space | 22,40 Gb Free Space | 60,12% Space Free | Partition Type: NTFS Computer Name: GHISLAINE | User Name: GC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\GC\Bureau\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) PRC - C:\WINDOWS\FSScrCtl.exe (Stardust Software) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\GC\Bureau\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MySql) -- C:\Program Files\EasyPHP1-8\mysql\bin\mysqld.exe () SRV - (Apache) -- C:\Program Files\EasyPHP1-8\apache\Apache.exe () SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc) DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:T_PAG IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = La Poésie que j'aime ... - 1999-2011- le site officiel IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://lapoesiequejaime.net" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA79}:1.0.21 FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - prefs.js..network.proxy.autoconfig_url: "http://biblioxtrn.uqar.qc.ca/proxy.pac" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-01-17 16:13:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-14 20:16:27 | 000,000,000 | ---D | M] [2009-02-02 09:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Extensions [2011-03-01 09:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions [2009-10-05 11:57:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2011-01-16 14:56:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} [2010-09-25 19:46:05 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2009-10-05 13:21:08 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2011-03-01 09:17:48 | 000,000,000 | ---D | M] ("Yoono") -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66} [2011-01-16 14:56:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\engine@conduit.com [2009-10-05 13:21:04 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\fr-FR@dictionaries.addons.mozilla.org [2011-03-01 09:51:30 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\il8p72jp.default\extensions\twitternotifier@naan.net [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2005-06-23 09:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions [2010-09-25 19:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79} [2005-06-27 08:17:20 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011-03-01 09:38:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010-07-28 08:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011-02-17 15:06:42 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\FICHIERS COMMUNS\SPIGOT\WTXPCOM [2009-07-24 14:34:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-02-17 15:06:45 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2009-09-02 02:00:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2010-07-17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2011-01-15 22:14:15 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml [2011-01-15 22:14:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2011-01-15 22:14:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml [2011-01-15 22:14:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2011-01-15 22:14:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2003-04-24 07:00:00 | 000,000,790 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1004..\RunOnce: [shockwave Updater] File not found O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..Trusted Domains: lapoesiequejaime.net ([]https in Sites de confiance) O15 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..Trusted Domains: live.ca ([]https in Sites de confiance) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.) O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab (Malicious Software Removal Tool) O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Free Online Virus Scan - BitDefender Online Scanner (BDSCANONLINE Control) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Technical difficulties (Windows Live Safety Center Base Module) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38044.6048148148 (Reg Error: Key error.) O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://fdata.over-blog.com/script/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control) O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object) O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Ma page d'accueil) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004-02-27 17:16:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{976f4921-2640-11dc-8840-000cf1a37008}\Shell\Auto\command - "" = AdobeR.exe e O33 - MountPoints2\{976f4921-2640-11dc-8840-000cf1a37008}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: Ip6FwHlp - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282 ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923 ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009 ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707 ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715 ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167 ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894 ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567 ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353 ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: Ip6FwHlp - File not found ========== Files/Folders - Created Within 30 Days ========== [2011-03-09 19:02:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GC\Bureau\OTL.exe [2011-03-09 18:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GC\Recent [2011-03-09 15:38:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\GC\Bureau\mbam-setup.exe [2011-03-09 14:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Menu Démarrer\Programmes\HiJackThis [2011-02-27 14:59:04 | 000,360,580 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2011-02-27 14:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\eSellerate [2011-02-27 14:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Mes documents\docXConverter logs [2011-02-27 14:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\docXConverter3 [2011-02-17 15:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Application Data\Search Settings [2011-02-17 15:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater [2011-02-17 15:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Spigot [2011-02-17 15:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar [2011-02-12 11:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck [2009-11-09 20:55:57 | 000,834,042 | ---- | C] (REBOL Technologies) -- C:\Program Files\altme.exe [2006-07-16 08:58:31 | 002,988,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vwdsetup.exe [2005-02-04 11:05:52 | 012,718,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mp10setup.exe [2005-01-28 11:50:01 | 002,065,552 | ---- | C] (Symantec Corporation) -- C:\Program Files\NAVSetup.exe [2004-09-15 08:14:20 | 000,134,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\o2ksr1a.exe [2004-06-11 09:00:11 | 003,836,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msorun.exe [1999-03-23 09:12:40 | 000,011,264 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Program Files\_SETUP.DLL [1999-03-23 09:12:22 | 000,008,192 | ---- | C] (Stirling Technologies, Inc.) -- C:\Program Files\_ISDEL.EXE [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011-03-09 19:13:11 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job [2011-03-09 19:02:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GC\Bureau\OTL.exe [2011-03-09 19:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job [2011-03-09 18:49:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011-03-09 15:40:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2011-03-09 15:38:53 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\GC\Bureau\mbam-setup.exe [2011-03-09 14:33:46 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\HiJackThis.lnk [2011-03-09 14:24:34 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\HiJackThis.msi [2011-03-09 11:15:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011-03-09 09:12:19 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office FrontPage 2003.lnk [2011-03-07 15:31:28 | 000,040,731 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\bg.jpg [2011-03-05 19:08:23 | 000,003,146 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\bg2.jpg [2011-03-04 15:40:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011-03-01 09:05:09 | 000,539,750 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\Echofon-1.9.7.3.xpi [2011-02-28 19:49:17 | 001,144,379 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\P1040187.jpg [2011-02-28 19:48:51 | 001,109,873 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\P1040183.jpg [2011-02-27 15:02:22 | 000,010,584 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini [2011-02-27 15:01:54 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys [2011-02-27 14:59:04 | 000,360,580 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll [2011-02-17 09:56:11 | 001,462,272 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\Le frette.pps [2011-02-14 20:16:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk [2011-02-12 11:00:57 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TweetDeck.lnk [2011-02-10 03:27:57 | 000,228,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-02-09 08:54:09 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll [2011-02-09 08:54:09 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll [2011-02-08 09:45:45 | 000,045,569 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\photo_1345716_resize.jpg [2011-02-07 21:57:43 | 000,167,871 | ---- | M] () -- C:\Documents and Settings\GC\Bureau\paysage-fleuri.jpg [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011-03-09 15:40:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk [2011-03-09 14:33:29 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\HiJackThis.lnk [2011-03-09 14:02:37 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\HiJackThis.msi [2011-03-05 19:15:36 | 000,003,146 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\bg2.jpg [2011-03-05 17:34:31 | 000,040,731 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\bg.jpg [2011-03-01 09:05:01 | 000,539,750 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\Echofon-1.9.7.3.xpi [2011-02-28 19:49:20 | 001,144,379 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\P1040187.jpg [2011-02-28 19:49:10 | 001,109,873 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\P1040183.jpg [2011-02-27 14:59:04 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys [2011-02-27 14:57:46 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini [2011-02-17 09:56:09 | 001,462,272 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\Le frette.pps [2011-02-09 08:54:09 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll [2011-02-08 09:47:05 | 000,045,569 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\photo_1345716_resize.jpg [2011-02-07 21:58:58 | 000,167,871 | ---- | C] () -- C:\Documents and Settings\GC\Bureau\paysage-fleuri.jpg [2010-08-30 19:07:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010-07-02 18:51:28 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Raccourci vers notepad.exe.lnk [2010-01-02 12:51:41 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI [2009-07-24 14:01:08 | 000,049,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009-05-25 10:54:42 | 000,125,177 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2007-08-05 10:01:32 | 000,146,750 | ---- | C] () -- C:\WINDOWS\HPHins13.dat [2007-08-05 10:01:32 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat [2007-08-05 09:01:15 | 000,111,770 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2007-05-18 19:32:45 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini [2006-08-20 13:22:00 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\swreg.exe [2006-08-20 13:22:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe [2006-07-16 09:13:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006-07-16 09:12:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006-07-15 19:48:57 | 015,037,696 | ---- | C] () -- C:\Program Files\20060715-006-x86.exe [2006-07-11 09:38:46 | 000,004,392 | ---- | C] () -- C:\WINDOWS\System32\lhracdexku.dat [2005-12-07 14:53:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2005-12-07 14:05:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005-09-25 12:14:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2005-08-12 08:15:01 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2005-08-12 08:15:01 | 000,000,674 | ---- | C] () -- C:\WINDOWS\tsc.ini [2005-08-12 08:14:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2005-06-23 09:19:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2005-06-23 09:18:43 | 000,014,326 | ---- | C] () -- C:\WINDOWS\mozver.dat [2005-05-22 13:15:52 | 000,000,041 | RH-- | C] () -- C:\WINDOWS\dsez4412.dat [2005-04-06 12:42:00 | 000,045,056 | ---- | C] () -- C:\Program Files\Psp8bf.pfl [2005-03-20 14:50:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config [2005-03-14 12:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2005-03-12 07:58:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2005-03-04 13:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe [2004-12-08 15:30:16 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Graphex3.ini [2004-11-28 15:50:59 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2004-09-14 13:56:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DBQARM.dll [2004-08-19 14:07:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004-08-19 14:07:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CBLEIJI.ini [2004-04-29 08:45:35 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\fusioncache.dat [2004-04-24 11:12:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2004-03-05 14:07:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004-03-01 15:03:55 | 000,000,076 | ---- | C] () -- C:\WINDOWS\KMGDI.INI [2004-03-01 12:56:54 | 000,000,755 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004-02-27 17:27:40 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2004-02-27 17:19:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004-02-27 17:14:13 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004-02-27 10:25:16 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004-02-27 10:24:16 | 000,228,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2003-08-29 13:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_03-20-2005_11h21.ini [2003-08-29 13:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_20h56.ini [2003-08-29 13:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_19h39.ini [2003-08-22 23:01:48 | 000,744,128 | ---- | C] () -- C:\Program Files\_SETUP.1 [2003-08-22 23:01:48 | 000,000,511 | ---- | C] () -- C:\Program Files\SETUP.PKG [2003-08-22 23:01:48 | 000,000,005 | ---- | C] () -- C:\Program Files\DISK1.ID [2003-08-22 23:01:46 | 000,210,195 | ---- | C] () -- C:\Program Files\_SETUP.LIB [2003-08-22 23:01:46 | 000,000,029 | ---- | C] () -- C:\Program Files\SETUP.INI [2003-04-24 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003-04-24 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003-04-24 07:00:00 | 000,570,506 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat [2003-04-24 07:00:00 | 000,493,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003-04-24 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat [2003-04-24 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003-04-24 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003-04-24 07:00:00 | 000,113,862 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat [2003-04-24 07:00:00 | 000,094,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003-04-24 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003-04-24 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat [2003-04-24 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003-04-24 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003-04-24 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999-07-23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999-07-23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1999-04-08 11:26:40 | 000,081,342 | ---- | C] () -- C:\Program Files\SETUP.INS [1999-03-23 09:12:22 | 000,294,079 | ---- | C] () -- C:\Program Files\_INST32I.EX_ [1999-01-22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010-01-02 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009-01-11 20:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009-03-06 09:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2011-01-16 16:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2010-08-02 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0 [2008-08-05 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ [2010-05-28 06:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express [2009-05-25 19:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC [2008-10-26 09:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum [2010-01-01 20:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\pdfforge [2007-08-09 08:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress [2008-02-01 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache [2010-01-02 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean [2011-02-17 15:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Search Settings [2008-06-03 08:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software [2010-09-05 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2004-11-09 14:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media [2006-07-22 10:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center [2005-05-15 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView [2011-03-09 19:00:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job [2011-03-09 19:13:11 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job ========== Purity Check ========== ========== Custom Scans ========== < %systemroot%\system32\drivers\*.sys /lockedfiles > < %ALLUSERSPROFILE%\Application Data\*. > [2010-10-09 15:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008-01-11 13:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2007-04-12 08:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2010-02-09 12:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira [2010-02-09 12:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira(3) [2007-08-04 10:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard [2007-08-05 10:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2008-11-06 15:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2007-08-05 10:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY [2008-09-12 13:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2008-11-03 14:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009-12-29 15:08:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2006-07-17 14:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2007-06-17 07:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2009-12-30 15:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2005-06-23 08:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime [2006-11-21 10:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010-07-28 08:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2010-01-02 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007-08-04 10:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG [2005-10-13 07:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009-01-11 20:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2009-03-06 09:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2008-07-04 13:35:40 | 000,054,632 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe [2010-09-21 13:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AcrobatUpdater.exe [2010-09-21 13:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AdobeARM.exe [2010-09-21 13:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\ReaderUpdater.exe [2009-01-06 13:50:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe [2009-07-01 19:17:38 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe [2009-05-14 08:56:20 | 002,967,799 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe < %APPDATA%\*. > [2010-09-05 15:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Adobe [2006-07-31 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\AdobeUM [2009-07-24 13:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Apple Computer [2011-01-16 16:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2007-08-09 12:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Creative [2009-02-11 13:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ESTsoft [2009-12-30 15:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Google [2010-08-02 13:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0 [2004-03-02 17:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Help [2007-08-04 10:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HP [2011-01-25 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HpUpdate [2008-08-05 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ [2006-08-08 09:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Identities [2010-05-28 06:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express [2009-05-25 19:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC [2008-10-26 09:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum [2007-02-21 14:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Lavasoft [2004-12-25 09:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Macromedia [2008-11-03 14:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Malwarebytes [2011-03-09 14:33:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\GC\Application Data\Microsoft [2005-06-27 09:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Microsoft Web Folders [2009-02-02 09:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Mozilla [2007-06-17 07:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\MSN6 [2010-01-01 20:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\pdfforge [2007-08-09 08:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress [2008-02-01 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache [2005-12-09 11:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Real [2010-01-02 16:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean [2011-02-17 15:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Search Settings [2006-11-21 10:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Skype [2004-03-23 09:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Sun [2004-02-27 18:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Symantec [2005-06-25 17:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Talkback [2008-06-03 08:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software [2010-09-05 15:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2004-11-09 14:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media [2006-07-22 10:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center [2008-04-05 13:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\WinRAR [2005-05-15 11:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView < %APPDATA%\*.exe /s > [2010-12-28 13:32:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\GC\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011-03-09 14:33:31 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe < %SYSTEMDRIVE%\*.exe > [2005-04-01 11:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe < %SYSTEMDRIVE%\*.exe > [2005-04-01 11:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe < MD5 for: AGP440.SYS > [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004-08-04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2003-04-24 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys [2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004-08-04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: CDROM.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys [2008-04-13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys [2008-04-13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys [2004-08-04 00:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys < MD5 for: CHANGER.SYS > [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys [2008-04-13 13:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys [2004-08-04 01:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys < MD5 for: DISK.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys [2004-08-04 00:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys [2008-04-13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys [2008-04-13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2004-08-19 18:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2007-06-13 08:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007-06-13 08:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NDIS.SYS > [2008-04-13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys [2008-04-13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys [2004-08-04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys < MD5 for: NETLOGON.DLL > [2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll [2004-08-19 18:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: RASACD.SYS > [2003-04-24 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys [2003-04-24 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys < MD5 for: RDPWD.SYS > [2005-06-09 23:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys [2008-04-13 21:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys [2008-04-13 21:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys [2005-06-09 23:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$hf_mig$\KB899591\SP2GDR\rdpwd.sys [2005-06-09 23:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys < MD5 for: SCECLI.DLL > [2004-08-19 18:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll < MD5 for: SFLOPPY.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys [2004-08-04 00:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys [2008-04-13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys [2008-04-13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys < MD5 for: SPLITTER.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys [2006-06-14 03:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys [2006-06-14 03:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys [2008-04-13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys [2008-04-13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys < MD5 for: SWMIDI.SYS > [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys [2008-04-13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys [2008-04-13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys [2001-08-17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys < MD5 for: TCPIP.SYS > [2006-01-13 12:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys [2006-01-12 21:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$hf_mig$\KB913446\SP2GDR\tcpip.sys [2005-05-25 14:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys [2007-10-30 11:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys [2005-05-25 14:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$hf_mig$\KB893066\SP2GDR\tcpip.sys [2007-10-30 12:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [2008-04-13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [2008-06-20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys [2008-06-20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys [2008-06-20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [2006-04-20 07:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys < MD5 for: TDPIPE.SYS > [2004-08-19 18:10:18 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys [2008-04-13 21:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys [2008-04-13 21:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys < MD5 for: TDTCP.SYS > [2008-04-13 21:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys [2008-04-13 21:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys [2004-08-19 18:10:18 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys < MD5 for: USBPRINT.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys [2004-08-04 01:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys [2008-04-13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys [2008-04-13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys < MD5 for: USBSCAN.SYS > [2003-04-24 07:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys [2006-08-08 10:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys [2008-07-09 09:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys [2008-04-13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys [2008-04-13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-04 00:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys < MD5 for: USERINIT.EXE > [2004-08-19 18:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008-04-13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008-04-13 21:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004-08-19 18:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009-03-08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009-03-08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2010-12-20 18:53:03 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < > < > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report >
  9. Bonjour, Je me permets de poster un rapport HijackThis afin de savoir si mon PC n'est pas infecté . Systeme exploitation XP familial Merci d'avance pour votre aide ! ----------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:34:54, on 2011-03-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\FSScrCtl.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\trend micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = La Poésie que j'aime ... - 1999-2011- le site officiel R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = La Poésie que j'aime ... R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pages.videotron.com/biogest/biologietotale/fr_index.html" O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - Free Online Virus Scan - BitDefender Online Scanner O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - Technical difficulties O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://fdata.over-blog.com/script/ImageUploader3.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EASYPH~1\Apache\apache.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: MySql - Unknown owner - C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 13221 bytes
×
×
  • Créer...