aidez moi svp !!! chevale de troi detecter

nutTenburG · le 1 janvier 2011

mon antivirus a detectez certaine activité d'un fichier nommé 1f.tmp apres c'est devenu un worm (Net-Worm.Koobface)

je me demande comment l'enlever aidez moi a mieu comprendre

est ce que je doit utiliser hijackthis

si oui : est ce que vous pourriez m'aider a analyser le rapport

a l'aiiide

jeanmimigab · le 1 janvier 2011

bonjour et bienvenu sur Zebulon

Fais cela dans l'ordre stp...

Télécharge >> TFC.exe << impérativement sur ton bureau
Ferme tous les programmes en cour de fonctionnement...
Fais un double-clic sur l'icône de TFC pour le lancer
Une demande va apparaitre pour te demander de redémarrer ton pc, cliques sur "YES" et laisse faire TFC.

ensuite...

télécharge Malwarebytes et installe le.
Après avoir effectué la mise à jour, Choisis "exécuter un examen rapide", à la fin du scanne, coches tous les éléments trouvés,et clique sur supprimer la sélection.
Poste moi le rapport stp.

et enfin...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

NetSvcs

%systemroot%\system32\drivers\*.sys /lockedfiles

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

tcpip.sys

Sfloppy.sys

Changer.sys

cdrom.sys

disk.sys

ndis.sys

usbscan.sys

usbprint.sys

tdtcp.sys

tdpipe.sys

swmidi.sys

splitter.sys

rdpwd.sys

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

RASACD.SYS

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).

* Copie et colle les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL

@++

nutTenburG · le 1 janvier 2011

ensuite...

télécharge Malwarebytes et installe le.

Après avoir effectué la mise à jour, Choisis "exécuter un examen rapide", à la fin du scanne, coches tous les éléments trouvés,et clique sur supprimer la sélection.

Poste moi le rapport stp.

la mise a jour n'a pas pu etre effectué je ne sais pas pourquoi

jeanmimigab · le 1 janvier 2011

t'inquiète pas, sûrement un proxi infectieux, fais le scanne quand même et poste le rapport, ensuite passe à OTL

nutTenburG · le 1 janvier 2011

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Version de la base de données: 5363

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

01/01/2011 18:23:07

mbam-log-2011-01-01 (18-23-07).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 123608

Temps écoulé: 1 minute(s), 22 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 4

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

c:\WINDOWS\system32\AntiWPA.dll (PUP.Wpakill) -> Delete on reboot.

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa (PUP.Wpakill) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

c:\WINDOWS\system32\AntiWPA.dll (PUP.Wpakill) -> Delete on reboot.

c:\Temp\vlc-1.1.5-win32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\fbagent.job (Malware.Trace) -> Quarantined and deleted successfully.

euh il est impossible de supprimer certains elements !!! un message qui s'affiche a la fin de l'etape de suppression

jeanmimigab · le 1 janvier 2011

euh il est impossible de supprimer certains elements !!!

ça serait trop facile si Malwarebyte faisait tout

poste le rapport OTL stp...

nutTenburG · le 1 janvier 2011

OTL logfile created on: 01/01/2011 18:35:43 - Run 1

OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\user\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 488,28 Gb Total Space | 448,63 Gb Free Space | 91,88% Space Free | Partition Type: NTFS

Drive D: | 443,22 Gb Total Space | 430,22 Gb Free Space | 97,07% Space Free | Partition Type: NTFS

Computer Name: USER-0A25FC8BB8 | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\Facemoi\facemoi.exe (FaceMoi)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)

MOD - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)

========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)

DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (k57w2k) Broadcom NetLink -- C:\WINDOWS\system32\drivers\k57xp32.sys (Broadcom Corporation)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)

DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-823518204-1085031214-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/ig"'>http://www.google.fr/ig"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2

FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.1

FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.34

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&btnI=&q="'>http://www.google.com/search?ie=UTF-8&btnI=&q="

FF - prefs.js..network.proxy.backup.ftp: "84.19.176.62"

FF - prefs.js..network.proxy.backup.ftp_port: 8080

FF - prefs.js..network.proxy.backup.gopher: "84.19.176.62"

FF - prefs.js..network.proxy.backup.gopher_port: 8080

FF - prefs.js..network.proxy.backup.socks: "84.19.176.62"

FF - prefs.js..network.proxy.backup.socks_port: 8080

FF - prefs.js..network.proxy.backup.ssl: "84.19.176.62"

FF - prefs.js..network.proxy.backup.ssl_port: 8080

FF - prefs.js..network.proxy.ftp: "84.19.176.62"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "84.19.176.62"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "84.19.176.62"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "84.19.176.62"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "84.19.176.62"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 20:56:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 17:19:50 | 000,000,000 | ---D | M]

[2010/07/20 14:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2010/12/31 20:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions

[2010/12/18 22:16:36 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2010/12/18 22:16:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/09/23 20:24:53 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}

[2010/09/03 02:21:46 | 000,000,000 | ---D | M] (Facicons) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}

[2010/07/20 11:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\extensions\temp

[2008/06/13 06:23:30 | 000,002,258 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\binsearch.xml

[2008/06/13 06:23:30 | 000,002,036 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\exalead.xml

[2007/05/06 19:29:16 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\live-search.xml

[2010/12/26 11:24:40 | 000,006,394 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\nowtorrents.xml

[2008/01/17 21:52:17 | 000,002,261 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\opensubtitlesorg.xml

[2008/07/21 18:22:55 | 000,002,213 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\subscene.xml

[2007/08/13 21:50:47 | 000,005,532 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\vidos-dailymotion.xml

[2006/11/16 21:11:10 | 000,001,025 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\wikipedia-english.xml

[2010/12/26 11:24:40 | 000,002,087 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\t3i2mr5p.default\searchplugins\youtube---videos.xml

[2011/01/01 17:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/09/23 20:23:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/09/23 20:23:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/09/23 20:23:17 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/12/11 17:19:43 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/12/11 17:19:43 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/12/11 17:19:43 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/12/11 17:19:43 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/12/11 17:19:43 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2008/04/14 15:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-823518204-1085031214-682003330-1003..\Run: [Facemoi] C:\Facemoi\facemoi.exe (FaceMoi)

O4 - HKU\S-1-5-21-823518204-1085031214-682003330-1003..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0

O7 - HKU\S-1-5-21-823518204-1085031214-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1

O9 - Extra Button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2010/07/20 11:04:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^McAfee Security Scan Plus.lnk - C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - File not found

MsConfig - StartUpReg: DrvIcon - hkey= - key= - C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found

MsConfig - StartUpReg: Facemoi - hkey= - key= - c:\Facemoi\facemoi.exe (FaceMoi)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)

MsConfig - StartUpReg: SuperCopier2.exe - hkey= - key= - C:\Program Files\SuperCopier2\SuperCopier2.exe File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/'>http://www.mp3dev.org/)

Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 18:31:39 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe

[2011/01/01 18:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes

[2011/01/01 18:12:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/01/01 18:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/01/01 18:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/01/01 18:12:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/01/01 18:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/01/01 18:10:21 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Mes documents\mbam-setup.exe

[2011/01/01 18:04:09 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\TFC.exe

[2011/01/01 17:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Bureau\hijackthis

[2010/12/27 17:09:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Démarrer\Programmes\System Tool

[2010/12/27 17:00:19 | 000,233,472 | ---- | C] (Nlrzhsl) -- C:\Documents and Settings\user\Application Data\uatny.exe

[2010/12/27 17:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lGlDa04300

[2010/12/27 16:59:33 | 000,143,360 | ---- | C] (Nlrzhsl) -- C:\Documents and Settings\user\Application Data\xqff.exe

[2010/12/19 19:57:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\FileZilla

[2010/12/18 22:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IDM

[2010/12/18 22:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DMCache

[2010/12/18 22:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Menu Démarrer\Programmes\Internet Download Manager

[2010/12/18 19:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TeamViewer 5

[2010/12/16 22:03:39 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\WINDOWS\System32\drivers\teamviewervpn.sys

[2010/12/16 22:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\TeamViewer 6

[2010/12/07 21:15:16 | 000,000,000 | ---D | C] -- C:\Temp

[2010/12/03 19:24:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Steam

[2010/12/03 19:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Steam

========== Files - Modified Within 30 Days ==========

[2011/01/01 18:31:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\OTL.exe

[2011/01/01 18:26:33 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\systems.job

[2011/01/01 18:26:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/01 18:25:26 | 001,584,160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2011/01/01 18:25:26 | 000,393,248 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2011/01/01 18:25:26 | 000,014,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2011/01/01 18:25:26 | 000,003,472 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2011/01/01 18:23:28 | 000,000,068 | -HS- | M] () -- C:\WINDOWS\klif.spi

[2011/01/01 18:12:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2011/01/01 18:11:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Mes documents\mbam-setup.exe

[2011/01/01 18:04:06 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Bureau\TFC.exe

[2011/01/01 12:55:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/31 18:59:28 | 000,094,679 | ---- | M] () -- C:\Documents and Settings\user\Bureau\168014_152546631461087_100001172523764_251754_2207680_n.jpg

[2010/12/30 21:56:59 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/28 21:10:28 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\user\Bureau\lol.bmp

[2010/12/27 16:59:25 | 000,233,472 | ---- | M] (Nlrzhsl) -- C:\Documents and Settings\user\Application Data\uatny.exe

[2010/12/27 16:58:43 | 000,143,360 | ---- | M] (Nlrzhsl) -- C:\Documents and Settings\user\Application Data\xqff.exe

[2010/12/25 14:58:58 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/15 19:54:20 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\user\Bureau\456.jpg

[2010/12/15 19:53:58 | 000,119,496 | ---- | M] () -- C:\Documents and Settings\user\Bureau\123.jpg

[2010/12/15 08:57:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk

[2010/12/11 22:08:01 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\user\Bureau\Nouveau Image bitmap.bmp

[2010/12/08 16:18:39 | 000,114,243 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2010/12/08 16:18:39 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2010/12/07 12:01:04 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\user\Bureau\hacking.bmp

[2010/12/03 19:41:34 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Steam.lnk

[2010/12/03 19:15:41 | 010,970,112 | ---- | M] () -- C:\Documents and Settings\user\Mes documents\SteamInstall_French.msi

[2010/12/03 11:54:51 | 030,862,316 | ---- | M] () -- C:\Documents and Settings\user\Mes documents\themes.rar

[2010/12/03 11:47:59 | 000,202,807 | ---- | M] () -- C:\Documents and Settings\user\Mes documents\anis.rar

[2010/12/02 22:14:54 | 000,001,883 | R--- | M] () -- C:\Documents and Settings\user\Bureau\KAV09-CM-20110207-043440EF.KEY

========== Files Created - No Company Name ==========

[2011/01/01 18:23:28 | 000,000,068 | -HS- | C] () -- C:\WINDOWS\klif.spi

[2011/01/01 18:12:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2010/12/31 18:59:28 | 000,094,679 | ---- | C] () -- C:\Documents and Settings\user\Bureau\168014_152546631461087_100001172523764_251754_2207680_n.jpg

[2010/12/28 21:10:17 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\user\Bureau\lol.bmp

[2010/12/27 16:59:33 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\systems.job

[2010/12/15 19:54:14 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\user\Bureau\456.jpg

[2010/12/15 19:00:29 | 000,119,496 | ---- | C] () -- C:\Documents and Settings\user\Bureau\123.jpg

[2010/12/15 08:57:42 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk

[2010/12/11 22:07:38 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\user\Bureau\Nouveau Image bitmap.bmp

[2010/12/07 12:00:36 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\user\Bureau\hacking.bmp

[2010/12/06 22:39:13 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/03 19:24:10 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Steam.lnk

[2010/12/03 19:12:40 | 010,970,112 | ---- | C] () -- C:\Documents and Settings\user\Mes documents\SteamInstall_French.msi

[2010/12/03 11:50:22 | 030,862,316 | ---- | C] () -- C:\Documents and Settings\user\Mes documents\themes.rar

[2010/12/03 11:48:27 | 000,001,883 | R--- | C] () -- C:\Documents and Settings\user\Bureau\KAV09-CM-20110207-043440EF.KEY

[2010/12/03 11:48:10 | 000,202,807 | ---- | C] () -- C:\Documents and Settings\user\Mes documents\anis.rar

[2010/07/22 10:09:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/07/20 12:56:53 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/07/20 11:13:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/07/20 11:11:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/07/20 11:11:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2010/07/20 11:11:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/07/20 11:11:19 | 002,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2010/07/20 11:11:19 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/07/20 11:11:19 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/07/20 11:11:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2003/04/01 06:28:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/07/20 11:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/08/07 02:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6

[2010/12/27 17:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lGlDa04300

[2010/12/18 22:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DMCache

[2010/12/19 19:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileZilla

[2010/11/21 17:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo

[2010/12/29 13:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Guitar Pro 6

[2011/01/01 02:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HLSW

[2010/12/18 22:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IDM

[2010/08/01 20:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ooVoo Details

[2010/08/01 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\oovooinstaller

[2010/12/16 22:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer

[2010/07/29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TS3Client

[2010/08/08 15:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViGlance

[2010/08/08 15:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViSplore

[2010/08/08 15:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViStart

[2011/01/01 18:26:33 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\systems.job

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/07/20 11:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010/07/20 11:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX

[2010/10/25 20:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/08/07 02:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitar Pro 6

[2011/01/01 18:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2010/12/27 17:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lGlDa04300

[2011/01/01 18:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/07/20 18:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/08/09 00:53:02 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010/07/20 11:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero

[2010/08/17 18:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/07/20 11:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/07/20 11:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/07/23 20:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/09/23 20:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2010/07/20 15:46:30 | 000,208,616 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe

[2010/12/27 17:00:08 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\lGlDa04300\lGlDa04300.exe

[2010/07/20 18:16:21 | 002,568,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

[2010/07/20 18:16:18 | 001,025,992 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe

< %APPDATA%\*. >

[2010/07/20 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Adobe

[2010/12/18 22:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DMCache

[2010/12/19 19:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileZilla

[2010/11/21 17:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo

[2010/10/22 12:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Google

[2010/12/29 13:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Guitar Pro 6

[2011/01/01 02:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\HLSW

[2010/07/20 11:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Identities

[2010/12/18 22:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IDM

[2010/07/20 15:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Macromedia

[2011/01/01 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Malwarebytes

[2010/07/20 14:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Media Player Classic

[2010/10/06 16:07:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\user\Application Data\Microsoft

[2010/07/20 14:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla

[2010/11/21 09:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nero

[2010/08/01 20:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ooVoo Details

[2010/08/01 19:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\oovooinstaller

[2010/08/17 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Real

[2010/12/30 23:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Skype

[2010/09/23 20:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sun

[2010/07/29 22:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\teamspeak2

[2010/12/16 22:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer

[2010/07/29 21:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TS3Client

[2010/08/08 15:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViGlance

[2010/08/08 15:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViSplore

[2010/08/08 15:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ViStart

[2010/12/20 15:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vlc

[2010/07/20 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinRAR

< %APPDATA%\*.exe /s >

[2010/12/27 16:59:25 | 000,233,472 | ---- | M] (Nlrzhsl) -- C:\Documents and Settings\user\Application Data\uatny.exe

[2010/12/27 16:58:43 | 000,143,360 | ---- | M] (Nlrzhsl) -- C:\Documents and Settings\user\Application Data\xqff.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/13 10:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2008/04/14 15:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CHANGER.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: DISK.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys

[2008/04/14 15:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 15:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >

[2008/04/14 15:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

< MD5 for: NDIS.SYS >

[2008/04/14 15:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: RASACD.SYS >

[2008/04/14 15:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

< MD5 for: RDPWD.SYS >

[2008/04/14 15:00:00 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys

< MD5 for: SCECLI.DLL >

[2008/04/14 15:00:00 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFLOPPY.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys

[2008/04/14 15:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys

< MD5 for: SPLITTER.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys

[2008/04/13 10:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys

< MD5 for: SWMIDI.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys

[2008/04/13 10:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys

< MD5 for: TCPIP.SYS >

[2008/08/03 14:02:08 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=E248A8391D7388A0A3679D1FB33E003D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: TDPIPE.SYS >

[2008/04/14 15:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys

< MD5 for: TDTCP.SYS >

[2008/04/14 15:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys

< MD5 for: USBPRINT.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys

< MD5 for: USBSCAN.SYS >

[2008/06/21 09:56:59 | 018,261,056 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys

< MD5 for: USERINIT.EXE >

[2008/04/14 15:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2008/04/14 15:00:00 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/14 15:00:00 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll

[2008/04/14 15:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm50.dll

[2008/04/14 15:00:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll

[2008/04/14 15:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcp60.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >