
Posted (edited)

Hello,

For the past few days I have been getting error messages when my PC starts up, and Avast identifies several infected files. No matter how many I delete as they come up, it doesn't stop: new ones keep appearing.

Can you please help me solve this problem?

Also, I saw in a post that you advised Avast users to switch to a different antivirus. Since that post is fairly old, is that advice still current?

Thanks in advance!

Edited by Thot24
  • Upvote 1

Posted (edited)

hello,

for now, keep Avast ;)

As for the detections, please tell me which files are infected and where they are located...

Then please do the following...

* Download >> OTL << to your desktop.

* Double-click the OTL icon to launch it.

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Rapport" (Report) section (top right) the "rapport minimal" (minimal report) box is checked.

* Check the boxes in front of "Tous les utilisateurs" (All users), "Recherche LOP" (LOP check) and "Recherche Purity" (Purity check).

* Copy and paste the contents of this quote into the lower part of OTL, "personnalisation" (custom scans):

 

NetSvcs

%systemroot%\system32\drivers\*.sys /lockedfiles

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

tcpip.sys

Sfloppy.sys

Changer.sys

cdrom.sys

disk.sys

ndis.sys

usbscan.sys

usbprint.sys

tdtcp.sys

tdpipe.sys

swmidi.sys

splitter.sys

rdpwd.sys

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

RASACD.SYS

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

 

* Click the "Analyse" (Scan) icon (top left).

* Let the scan run to completion without using the PC.

* At the end of the scan two reports will open, "OTL.Txt" and (or) "Extras.Txt" (minimized in the taskbar).

* Copy and paste the reports into your reply, please...

* Just in case, you can find them in the folder C:\OTL

See you

Edited by jeanmimigab
Posted

First of all, thank you very much for your help!

Here are the logs:

OTL.Txt

-------------------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 03/01/2011 21:55:49 - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Matthieu\Bureau

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 023,00 Mb Total Physical Memory | 518,00 Mb Available Physical Memory | 51,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74,43 Gb Total Space | 6,72 Gb Free Space | 9,03% Space Free | Partition Type: NTFS

Drive D: | 74,52 Gb Total Space | 0,99 Gb Free Space | 1,33% Space Free | Partition Type: NTFS

 

Computer Name: THOT | User Name: Matthieu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Matthieu\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Parrot Audio Suite\PSM\WifiService.exe ()

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)

PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)

PRC - C:\Program Files\PictureProject\NkbMonitor.exe (Nikon Corporation)

PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

PRC - C:\Program Files\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe (TOSHIBA Corp.)

PRC - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)

PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)

PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

PRC - C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Matthieu\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvwrsfr.dll (NVIDIA Corporation)

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (dmserver) -- C:\WINDOWS\System32\Yrwspwgu.d1l File not found

SRV - (avast! Web Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (WifiService) -- C:\Program Files\Parrot Audio Suite\PSM\WifiService.exe ()

SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)

SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (kraidsvc) -- C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe (TOSHIBA Corporation)

SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Yrwspwgu) -- C:\WINDOWS\System32\drivers\Yrwspwgu.sys File not found

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (ParrotSAVirtualAudioCableWdm_Ver100) Parrot High Quality Audio (WDM) -- C:\WINDOWS\system32\drivers\ParrotVad.sys (Parrot SA)

DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)

DRV - (ttv200x) -- C:\WINDOWS\system32\drivers\ttv200x.sys (TOSHIBA)

DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)

DRV - (w29n51) Pilote de carte de connexion réseau Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )

DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

DRV - (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) -- C:\WINDOWS\system32\drivers\CamDrL21.sys (Philips Semiconductors)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = chuck;webens;consult;*.local

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49636

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 20:43:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 20:42:16 | 000,000,000 | ---D | M]

 

[2010/12/16 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthieu\Application Data\Mozilla\Extensions

[2010/12/16 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthieu\Application Data\Mozilla\Firefox\Profiles\bkp9w8jz.default\extensions

[2010/12/16 20:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/20 16:34:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/12/03 19:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/12/03 19:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/12/03 19:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/12/03 19:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/12/03 19:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O4 - HKLM..\Run: [000StTHK] File not found

O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [CFSServ.exe] File not found

O4 - HKLM..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe_ File not found

O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)

O4 - HKLM..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe_ File not found

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TFncKy] File not found

O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)

O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe_ File not found

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [utilitaire d'enrichissement d'image Toshiba] C:\Program Files\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe (TOSHIBA Corp.)

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [download] C:\Documents and Settings\Matthieu\Application Data\download2\svcnost.exe File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [engel] C:\Documents and Settings\Matthieu\Application Data\updates\updates.exe File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [mssend] C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk = C:\Program Files\PictureProject\NkbMonitor.exe (Nikon Corporation)

F3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 WinNT: Load - (C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe) - C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203967218562 (WUWebControl Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227814016421 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mypix.com/importer/ImageUploader4.cab (Image Uploader Control)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 Winlogon: Shell - (C:\Documents and Settings\Matthieu\Application Data\dwm.exe) - C:\Documents and Settings\Matthieu\Application Data\dwm.exe File not found

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Matthieu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthieu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/02/21 07:09:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0de3b702-ab00-11df-9401-0012f01abe5b}\Shell - "" = AutoRun

O33 - MountPoints2\{0de3b702-ab00-11df-9401-0012f01abe5b}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found

O33 - MountPoints2\{14cfb960-8282-11dd-911d-000e7bd3cc71}\Shell - "" = AutoRun

O33 - MountPoints2\{14cfb960-8282-11dd-911d-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{a751fae3-a3a0-11dd-9140-000e7bd3cc71}\Shell - "" = AutoRun

O33 - MountPoints2\{a751fae3-a3a0-11dd-9140-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{afa1dc2c-2828-11dd-90ac-0012f01abe5b}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe

O33 - MountPoints2\{c53f5da8-7ef9-11df-93d6-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found

O33 - MountPoints2\{fd4d1435-c732-11de-92e6-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: DMServer - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: Steam - hkey= - key= - D:\Jeux\Steam\Steam.exe (Valve Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: dmserver - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: dmserver - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F590509A-C24C-FDF7-B923-2335A296E839} - Lecteur Windows Media Microsoft 6.4

ActiveX: {F85D4622-1195-C00E-282C-8E623B49D7E6} - Rendu VML (Vector Graphics Rendering)

ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)

Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvid.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

 

NetSvcs: 6to4 - File not found

NetSvcs: DMServer - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/03 21:44:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthieu\Bureau\OTL.exe

[2010/12/16 23:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\xssend2

[2010/12/16 20:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Mes documents\Téléchargements

[2010/12/16 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\Mozilla

[2010/12/16 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\Mozilla

[2010/12/16 20:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox

[2010/12/16 20:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2010/12/16 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk

[2010/12/08 20:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\updates

[2010/12/08 20:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\mssend2

[2010/12/08 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\download2

[2006/12/08 16:54:44 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys

[2006/12/08 16:54:44 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/03 21:53:00 | 367,470,401 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\Desperate.Housewives.S07E11.HDTV.XviD-FQM.avi

[2011/01/03 21:48:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/03 21:44:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthieu\Bureau\OTL.exe

[2011/01/03 21:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/01/03 19:32:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/01/03 19:27:59 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/03 19:27:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/03 19:27:40 | 1072,807,936 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/28 18:27:10 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat

[2010/12/28 18:25:37 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\Mots croisés.xls

[2010/12/18 23:27:10 | 059,160,576 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco2_DVD.mpg

[2010/12/18 22:26:38 | 042,934,272 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco1_DVD.mpg

[2010/12/16 21:15:26 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/16 21:14:20 | 183,729,908 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\H12.avi

[2010/12/16 20:43:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/12/16 20:42:22 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Matthieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/13 13:04:02 | 366,708,804 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\D10.avi

[2010/12/09 19:18:18 | 000,003,112 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/12/09 16:50:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/12/08 21:29:56 | 000,006,339 | ---- | M] () -- C:\Documents and Settings\Matthieu\Application Data\FC66.B7B

[2010/12/08 16:00:02 | 733,734,912 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\LPLG.avi

[2010/12/08 14:44:43 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\http.doc

[2010/12/07 08:58:02 | 183,449,601 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\H11.avi

[2010/12/06 06:06:57 | 366,733,313 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\D9.avi

 

========== Files Created - No Company Name ==========

 

[2011/01/03 21:51:30 | 367,470,401 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\Desperate.Housewives.S07E11.HDTV.XviD-FQM.avi

[2010/12/28 12:55:48 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\Mots croisés.xls

[2010/12/20 13:02:41 | 059,160,576 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco2_DVD.mpg

[2010/12/20 13:02:32 | 042,934,272 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco1_DVD.mpg

[2010/12/17 00:24:02 | 366,708,804 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\D10.avi

[2010/12/16 21:07:50 | 183,729,908 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\H12.avi

[2010/12/16 20:43:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/12/16 20:42:22 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Matthieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/08 18:01:44 | 000,006,339 | ---- | C] () -- C:\Documents and Settings\Matthieu\Application Data\FC66.B7B

[2010/12/08 15:57:28 | 733,734,912 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\LPLG.avi

[2010/12/08 15:25:58 | 733,601,792 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\R.avi

[2010/12/08 14:59:15 | 183,449,601 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\H11.avi

[2010/12/06 22:27:18 | 366,733,313 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\D9.avi

[2010/03/18 23:02:52 | 000,012,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t7AHIvQWcAEro

[2010/03/18 23:02:51 | 000,012,760 | -HS- | C] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\t7AHIvQWcAEro

[2009/10/13 21:01:08 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/06/28 11:35:22 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

[2008/06/28 11:28:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Widgets

[2008/06/28 11:28:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Matthieu\Application Data\Utilities

[2008/06/28 11:28:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT

[2007/11/17 10:02:40 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL

[2007/02/25 21:24:49 | 000,018,748 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll

[2006/12/18 00:33:00 | 000,000,856 | ---- | C] () -- C:\WINDOWS\Bbt97.INI

[2006/12/18 00:29:19 | 000,000,844 | ---- | C] () -- C:\WINDOWS\BELOTEXP.INI

[2006/11/21 17:33:50 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI

[2006/10/20 15:54:02 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll

[2006/10/20 15:54:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll

[2006/05/24 23:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006/04/19 01:04:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2005/12/06 23:22:45 | 000,000,333 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2005/10/21 23:13:25 | 000,005,187 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2005/08/10 18:00:36 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/08/07 12:31:32 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\fusioncache.dat

[2005/02/21 15:26:33 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2005/02/21 15:26:32 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2005/02/21 15:26:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2005/02/21 15:26:31 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2005/02/21 08:56:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/02/21 08:46:26 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini

[2005/02/21 08:46:16 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini

[2005/02/21 08:13:20 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/02/21 08:08:11 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/02/21 08:04:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/02/21 08:04:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/02/21 08:04:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/02/21 08:04:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/02/21 08:04:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/02/21 08:04:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/02/21 08:02:58 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/02/21 08:01:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2005/02/21 07:50:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2005/02/21 07:50:25 | 000,010,180 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2005/02/21 07:50:24 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2005/02/21 07:50:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2005/02/21 07:50:24 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2005/02/21 07:46:35 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2005/02/21 07:46:35 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys

[2005/02/21 07:39:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Volume.dll

[2005/02/21 06:57:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll

[2005/02/21 06:57:25 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/02/21 06:56:51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/12/08 01:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/12/02 23:20:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2004/07/21 01:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/06/17 18:55:26 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll

[2004/06/17 18:48:42 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll

[2004/01/15 22:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2004/01/14 02:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

[2003/12/27 20:43:24 | 000,068,608 | ---- | C] () -- C:\WINDOWS\daemon.dll

[2003/09/16 16:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2003/09/16 16:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2003/07/29 23:33:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

[2003/05/14 15:54:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003/04/16 16:40:12 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2003/04/16 16:39:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll

[2003/04/01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/06/04 17:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

 

========== LOP Check ==========

 

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InterVideo

[2005/02/21 08:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\toshiba

[2010/08/17 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3

[2010/01/31 22:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2008/06/28 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dialogs

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2008/07/14 16:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2008/05/22 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor

[2008/06/28 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2010/07/30 20:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/25 13:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo

[2005/02/21 08:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba

[2007/03/20 23:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Design Science

[2007/02/25 21:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\deskPDF

[2010/12/17 00:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\download2

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\InterVideo

[2010/12/17 00:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\mssend2

[2009/10/20 20:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Mumble

[2008/06/28 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Nikon

[2008/07/14 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Opera

[2010/07/15 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Parrot Audio Suite

[2005/09/05 21:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\toshiba

[2010/12/17 00:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\updates

[2010/12/16 23:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\xssend2

[2010/12/16 20:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/10/14 19:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2006/10/08 17:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems

[2010/08/17 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3

[2010/01/31 22:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/12/25 13:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/12/25 13:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/06/28 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dialogs

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2008/07/14 16:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2010/03/19 21:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/05/22 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor

[2010/08/18 19:35:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2008/06/28 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2005/02/21 07:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2005/09/05 05:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2009/03/06 18:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/03/20 16:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2007/09/28 14:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2006/12/18 19:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/02/25 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2010/07/30 20:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/25 13:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/07/21 15:30:16 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

 

< %APPDATA%\*. >

[2009/02/03 22:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Adobe

[2009/02/03 20:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\AdobeUM

[2009/12/25 13:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Apple Computer

[2007/03/20 23:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Design Science

[2007/02/25 21:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\deskPDF

[2010/12/17 00:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\download2

[2009/02/02 21:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\dvdcss

[2005/10/08 20:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Google

[2006/10/27 20:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Help

[2005/02/21 07:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Identities

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\InterVideo

[2006/09/22 17:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Lavasoft

[2005/08/17 02:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Macromedia

[2010/03/19 21:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Malwarebytes

[2010/12/08 22:06:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Matthieu\Application Data\Microsoft

[2010/12/16 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Mozilla

[2010/12/17 00:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\mssend2

[2009/10/20 20:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Mumble

[2008/06/28 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Nikon

[2008/07/14 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Opera

[2010/07/15 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Parrot Audio Suite

[2010/09/20 21:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Skype

[2010/09/20 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\skypePM

[2005/02/21 08:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Sonic

[2005/10/16 00:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Sun

[2005/08/26 02:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Symantec

[2008/07/24 21:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\teamspeak2

[2005/09/05 21:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\toshiba

[2010/09/16 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\U3

[2010/12/17 00:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\updates

[2007/11/16 23:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Ventrilo

[2008/03/16 15:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\vlc

[2010/10/14 22:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\WinRAR

[2010/12/16 23:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\xssend2

[2010/12/16 20:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk

 

< %APPDATA%\*.exe /s >

[2010/04/01 20:35:09 | 001,956,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Matthieu\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[2005/02/21 07:59:50 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Matthieu\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe

[2006/04/05 19:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Matthieu\Application Data\U3\temp\cleanup.exe

[2010/12/16 23:38:12 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe

[2010/12/16 20:35:56 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk\svcnost.exe

 

< %SYSTEMDRIVE%\*.exe >

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

 

< MD5 for: CDROM.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2004/08/10 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

 

< MD5 for: CHANGER.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

 

< MD5 for: DISK.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys

[2004/08/10 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

 

< MD5 for: EVENTLOG.DLL >

[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2004/08/10 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\explorer.exe

 

< MD5 for: KR10N.SYS >

[2005/01/12 08:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\ToolsCD\RAID Driver\KR10N.sys

[2005/01/12 00:05:00 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys

[2005/01/12 00:05:00 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

 

< MD5 for: NDIS.SYS >

[2004/08/10 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

 

< MD5 for: NETLOGON.DLL >

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2005/07/26 05:39:57 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >

 

 

 

 

 

Extras.Txt

-------------------------------------------------------------------------------------------------------------

 

OTL Extras logfile created on: 03/01/2011 21:55:49 - Run 1

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Matthieu\Bureau

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 023,00 Mb Total Physical Memory | 518,00 Mb Available Physical Memory | 51,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74,43 Gb Total Space | 6,72 Gb Free Space | 9,03% Space Free | Partition Type: NTFS

Drive D: | 74,52 Gb Total Space | 0,99 Gb Free Space | 1,33% Space Free | Partition Type: NTFS

 

Computer Name: THOT | User Name: Matthieu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"135:TCP" = 135:TCP:*:Enabled:RPC

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found

"C:\Program Files\Jeux\Half Life\Steam\SteamApps\mathcarissimo@evhr.net\team fortress classic\hl.exe" = C:\Program Files\Jeux\Half Life\Steam\SteamApps\mathcarissimo@evhr.net\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\Toshiba\ConfigFree\CFXFER.exe" = C:\Program Files\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)

"C:\Program Files\amsn\bin\wish.exe" = C:\Program Files\amsn\bin\wish.exe:*:Enabled:Wish Application -- File not found

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Program Files\Jeux\Half Life\Steam\steam.exe" = C:\Program Files\Jeux\Half Life\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)

"D:\Jeux\Steam\steam.exe" = D:\Jeux\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)

"D:\Jeux\Steam\steamapps\mathcarissimo@evhr.net\team fortress 2\hl2.exe" = D:\Jeux\Steam\steamapps\mathcarissimo@evhr.net\team fortress 2\hl2.exe:*:Disabled:hl2 -- ()

"D:\Jeux\Steam\steamapps\mathcarissimo@evhr.net\source sdk base\hl2.exe" = D:\Jeux\Steam\steamapps\mathcarissimo@evhr.net\source sdk base\hl2.exe:*:Enabled:hl2 -- ()

"C:\Program Files\Freeplayer\vlc\vlc.exe" = C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()

"C:\Program Files\VLC\vlc.exe" = C:\Program Files\VLC\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Program Files\Jeux\WET\ETDED.exe" = C:\Program Files\Jeux\WET\ETDED.exe:*:Enabled:ETDED -- ()

"C:\Program Files\Jeux\WET\ET.exe" = C:\Program Files\Jeux\WET\ET.exe:*:Enabled:ET -- ()

"C:\Program Files\Teamspeak\Teamspeak2_RC2\server_windows.exe" = C:\Program Files\Teamspeak\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server -- ()

"C:\Program Files\Jeux\Age of Empires 3\age3.exe" = C:\Program Files\Jeux\Age of Empires 3\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)

"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote -- (Microsoft Corp.)

"C:\Program Files\Parrot Audio Suite\PSM\Parrot Sound Manager.exe" = C:\Program Files\Parrot Audio Suite\PSM\Parrot Sound Manager.exe:*:Enabled:Parrot Sound Manager -- ()

"C:\Program Files\Parrot Audio Suite\PSM\WifiWizard.exe" = C:\Program Files\Parrot Audio Suite\PSM\WifiWizard.exe:*:Enabled:WifiWizard -- ()

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\DOCUME~1\Matthieu\LOCALS~1\Temp\0.8159065627407934.exe" = C:\DOCUME~1\Matthieu\LOCALS~1\Temp\0.8159065627407934.exe:*:Enabled:ldrsoft -- File not found

"C:\Documents and Settings\Matthieu\Application Data\download2\svcnost.exe" = C:\Documents and Settings\Matthieu\Application Data\download2\svcnost.exe:*:Enabled:ldrsoft -- File not found

"C:\DOCUME~1\Matthieu\LOCALS~1\Temp\5778596.exe" = C:\DOCUME~1\Matthieu\LOCALS~1\Temp\5778596.exe:*:Enabled:ldrsoft -- File not found

"C:\Documents and Settings\Matthieu\Application Data\mssend2\svcnost.exe" = C:\Documents and Settings\Matthieu\Application Data\mssend2\svcnost.exe:*:Enabled:ldrsoft -- File not found

"C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe" = C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe:*:Enabled:ldrsoft -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = Assist TOSHIBA

"{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = Manuels TOSHIBA

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

"{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}" = iPod Updater 2004-08-06

"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3E6FA9D9-D4CA-492B-AE98-83A2D853A355}" = Utilitaire TOSHIBA RAID

"{3F6A5F11-EC99-44DD-A27E-C5C61E47CE48}" = TIxx21/x515

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{47DC4B39-B1F6-498A-AFFE-E78FDAF34D1F}" = Utilitaire d'enrichissement d'image Toshiba

"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = Formatage de carte mémoire SD TOSHIBA

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch

"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = Utilitaire de zoom TOSHIBA

"{6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}" = Adobe Premiere Elements 1.0

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{83895843-3A51-4C93-9DF3-2BDB65C7E54A}" = DAEMON Tools

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist

"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Son virtuel TOSHIBA

"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0

"{9112040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA

"{91A1040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003

"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = Commandes TOSHIBA

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject

"3C Texas Holdem Poker" = 3C Texas Holdem Poker

"Ad-Aware SE Personal" = Ad-Aware SE Personal

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"avast5" = avast! Free Antivirus

"CANONBJ_Deinstall_CNMCP4b.DLL" = Canon i850

"CMScout" = CM Scout

"deskPDF 2.5 Standard_is1" = deskPDF 2.5 Standard Edition

"DSMT5" = MathType 5

"FileZilla" = FileZilla (remove only)

"Freeplayer" = Freeplayer

"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15

"Half-Life" = Half-Life

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}" = iPod Updater 2004-08-06

"InstallShield_{3F6A5F11-EC99-44DD-A27E-C5C61E47CE48}" = Texas Instruments PCIxx21/x515 drivers.

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 2.10 Full

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"mIRC" = mIRC

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MSNINST" = MSN

"Mumble" = Mumble and Murmur

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Outil de diagnostic PC" = Outil de diagnostic PC TOSHIBA

"Parrot Audio Suite" = Parrot Audio Suite

"Power Saver" = Gestion d'énergie TOSHIBA

"PowerISO" = PowerISO

"PremElem10" = Adobe Premiere Elements 1.0

"PROSet" = Intel® PRO Network Adapters and Drivers

"Steam App 215" = Source SDK Base

"Steam App 220" = Half-Life 2

"Steam App 380" = Half-Life 2: Episode One

"Steam App 400" = Portal

"Steam App 420" = Half-Life 2: Episode Two

"Steam App 440" = Team Fortress 2

"Steam" = Steam

"SystemRequirementsLab" = System Requirements Lab

"TDspBtn" = Utilitaire TOSHIBA de changement d'écran

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2

"TFNF5" = Utilitaire TOSHIBA d'accès direct aux périphériques d’affichage

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"TOSHIBA Utilities" = TOSHIBA Utilities

"TouchED" = Utilitaire Activer/désactiver la tablette tactile TOSHIBA V2.05.00

"Utilitaires Sierra" = Utilitaires Sierra

"VLC media player" = VideoLAN VLC media player 0.8.5

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = WinRAR archiver

"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 16/12/2010 17:15:14 | Computer Name = THOT | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : The server name or address could not be resolved

 

Error - 16/12/2010 17:15:14 | Computer Name = THOT | Source = crypt32 | ID = 131083

Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon

la vérification par rapport à l'horloge système en cours ou le tampon daté dans

le fichier signé.

 

Error - 16/12/2010 17:15:14 | Computer Name = THOT | Source = crypt32 | ID = 131083

Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier

CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon

la vérification par rapport à l'horloge système en cours ou le tampon daté dans

le fichier signé.

 

Error - 16/12/2010 17:15:14 | Computer Name = THOT | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 16/12/2010 17:15:14 | Computer Name = THOT | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette connexion réseau n'existe pas.

 

Error - 16/12/2010 18:38:24 | Computer Name = THOT | Source = Application Error | ID = 1000

Description = Application défaillante svcnost.exe, version 4.1.0.2, module défaillant

unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

 

Error - 20/12/2010 05:45:45 | Computer Name = THOT | Source = Application Error | ID = 1000

Description = Application défaillante svcnost.exe, version 4.1.0.2, module défaillant

unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

 

Error - 20/12/2010 14:49:50 | Computer Name = THOT | Source = Application Error | ID = 1000

Description = Application défaillante svcnost.exe, version 4.1.0.2, module défaillant

unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

 

Error - 03/01/2011 14:31:58 | Computer Name = THOT | Source = Application Error | ID = 1000

Description = Application défaillante svcnost.exe, version 4.1.0.2, module défaillant

unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

 

Error - 03/01/2011 14:44:20 | Computer Name = THOT | Source = Application Error | ID = 1000

Description = Application défaillante iexplore.exe, version 7.0.6000.16441, module

défaillant mshtml.dll, version 7.0.6000.16441, adresse de défaillance 0x000c629d.

 

[ System Events ]

Error - 28/12/2010 09:16:41 | Computer Name = THOT | Source = ipnathlp | ID = 32003

Description = Le traducteur d'adresses réseau (NAT) n'a pas pu demander une opération

du

module de traduction en mode noyau. Ceci peut indiquer une configuration incorrecte,

des ressources insuffisantes ou une erreur interne. La donnée est le code de l'erreur.

 

Error - 28/12/2010 12:20:53 | Computer Name = THOT | Source = BTHUSB | ID = 327697

Description = La radio locale Bluetooth a échoué d'une manière indéterminée et sera

déchargée.

 

Error - 28/12/2010 12:20:53 | Computer Name = THOT | Source = W32Time | ID = 39452689

Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de

la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient

va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération

a été tentée sur un hôte impossible à atteindre. (0x80072751)

 

Error - 28/12/2010 12:20:53 | Computer Name = THOT | Source = W32Time | ID = 39452701

Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps

à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement

accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes.

NtpClient

n'a pas de source de temps précis.

 

Error - 28/12/2010 12:20:54 | Computer Name = THOT | Source = ipnathlp | ID = 32003

Description = Le traducteur d'adresses réseau (NAT) n'a pas pu demander une opération

du

module de traduction en mode noyau. Ceci peut indiquer une configuration incorrecte,

des ressources insuffisantes ou une erreur interne. La donnée est le code de l'erreur.

 

Error - 28/12/2010 13:17:11 | Computer Name = THOT | Source = Service Control Manager | ID = 7011

Description = Délai (30000 millisecondes) d'attente pour une réponse du service

W32Time à une transaction.

 

Error - 28/12/2010 13:13:53 | Computer Name = THOT | Source = BTHUSB | ID = 327697

Description = La radio locale Bluetooth a échoué d'une manière indéterminée et sera

déchargée.

 

Error - 03/01/2011 14:31:45 | Computer Name = THOT | Source = Service Control Manager | ID = 7023

Description = Le service Gestionnaire de disque logique s'est arrêté avec l'erreur :

%%126

 

Error - 03/01/2011 14:33:23 | Computer Name = THOT | Source = Windows Update Agent | ID = 16

Description = Connexion impossible : Windows ne parvient pas à se connecter au service

Mises à jour automatiques et ne peut donc pas procéder au téléchargement et à l'installation

des mises à jour définies par la planification. Windows continuera d'essayer d'établir

la connexion.

 

Error - 03/01/2011 14:35:47 | Computer Name = THOT | Source = Tcpip | ID = 4199

Description = Le système a détecté un conflit d'adresses pour l'adresse IP 192.168.0.1

avec le système d'adresse physique réseau 64:B9:E8:94:71:65. En conséquence les

opérations réseau sur se système peuvent être interrompues.

 

 

< End of report >

Posted (edited)

re,

please do this..

* Double-click the OTL icon to launch it

/!\ on Vista/Seven, right-click the OTL icon and choose "Run as administrator" ("Exécuter en tant qu'administrateur")

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Report" ("Rapport") section (top right) the "Minimal report" ("Rapport minimal") box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Customization" ("Personnalisation")

 

 

:Files

C:\WINDOWS\System32\Yrwspwgu.d1l

C:\WINDOWS\System32\drivers\Yrwspwgu.sys

C:\Documents and Settings\Matthieu\Application Data\download2

C:\Documents and Settings\Matthieu\Application Data\updates

C:\Documents and Settings\Matthieu\Application Data\xssend2

C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe

C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk

C:\Documents and Settings\All Users\Application Data\espionServerData

C:\Documents and Settings\Matthieu\Application Data\mssend2

 

:OTL

SRV - (dmserver) -- C:\WINDOWS\System32\Yrwspwgu.d1l File not found

DRV - (Yrwspwgu) -- C:\WINDOWS\System32\drivers\Yrwspwgu.sys File not found

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = chuck;webens;consult;*.local

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49636

O4 - HKLM..\Run: [TFncKy] File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [download] C:\Documents and Settings\Matthieu\Application Data\download2\svcnost.exe File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [engel] C:\Documents and Settings\Matthieu\Application Data\updates\updates.exe File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [mssend] C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe (Microsoft Corporation)

F3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 WinNT: Load - (C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe) - C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe File not found

O20 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 Winlogon: Shell - (C:\Documents and Settings\Matthieu\Application Data\dwm.exe) - C:\Documents and Settings\Matthieu\Application Data\dwm.exe File not found

SafeBootMin: dmserver - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

SafeBootNet: dmserver - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

NetSvcs: DMServer - C:\WINDOWS\System32\Yrwspwgu.d1l File not found

 

:Commands

[emptytemp]

[EMPTYFLASH]

 

 

 

* Click the "Fix" ("Correction") icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan a report, "OTL.Txt", will open

* Copy and paste the report into your reply please...

* If needed, you can find them in the folder C:\OTL

Then... check two things please...

o In Firefox, "Tools" menu > "Options".

o Click "Advanced" at the top right > "Network" tab > under "Connection", click Settings.

o Check that "No proxy" is selected.

o Close the windows by clicking "OK".


 

then...

o Open Internet Explorer, click the "Tools" menu > "Internet Options".

o On the "Connections" tab > click "LAN settings" at the bottom right.

o If the "Use a proxy server for your LAN" box is checked, uncheck it...

o Close the windows with "OK" and "Apply".

and finally...

  • download Malwarebytes and install it.
  • After updating, choose "Perform quick scan"; at the end of the scan, check all the items found, click "Remove Selected", and restart the PC if asked.
  • Post the report for me please.

@++ ;)

Edited by jeanmimigab
Posted

OK, it looks like I have a small problem with the OTL fix. My PC has been stuck for 20 minutes on:

 

C:\WINDOWS\System32\Yrwspwgu.d1l File not found...

 

Should I reboot in the middle of the fix?

Posted

After two attempts, I'm still stuck at the same point in the OTL fix:

 

Processing SafeBootMin: dmserver - C:\WINDOWS\System32\Yrwspwgu.d1l File not found...

 

I'll run MBAM and post the report tomorrow.

 

Until then, have a good evening!

Posted

Hello,

 

strange for OTL :mhh:

 

try this modified "custom scan" and check that you click "correction" and not "analyse"

 

:Files

C:\Documents and Settings\Matthieu\Application Data\download2

C:\Documents and Settings\Matthieu\Application Data\updates

C:\Documents and Settings\Matthieu\Application Data\xssend2

C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe

C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk

C:\Documents and Settings\All Users\Application Data\espionServerData

C:\Documents and Settings\Matthieu\Application Data\mssend2

 

:OTL

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = chuck;webens;consult;*.local

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49636

O4 - HKLM..\Run: [TFncKy] File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [download] C:\Documents and Settings\Matthieu\Application Data\download2\svcnost.exe File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [engel] C:\Documents and Settings\Matthieu\Application Data\updates\updates.exe File not found

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [mssend] C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe (Microsoft Corporation)

F3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 WinNT: Load - (C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe) - C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe File not found

O20 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 Winlogon: Shell - (C:\Documents and Settings\Matthieu\Application Data\dwm.exe) - C:\Documents and Settings\Matthieu\Application Data\dwm.exe File not found

 

:Commands

[emptytemp]

[EMPTYFLASH]

 

have a good day, see you tonight ;)
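Added example, not part of the posts above and not OTL's own logic: a short Python triage that flags the kind of entries the fix script targets (autostart values pointing into the user profile, system process names or look-alikes outside %SystemRoot%, and a proxy set to loopback). The `triage` and `scan` helpers and the rule wording are hypothetical; the sample lines are copied from the OTL output quoted in this thread, and %SystemRoot% is assumed to be C:\WINDOWS.

```python
import re
from pathlib import PureWindowsPath

# Process names that normally live under %SystemRoot%; a copy elsewhere is suspect.
SYSTEM_NAMES = {"csrss.exe", "dwm.exe", "svchost.exe", "explorer.exe",
                "winlogon.exe", "lsass.exe", "services.exe", "smss.exe"}
SYSROOT = "c:\\windows\\"  # assumption: %SystemRoot% = C:\WINDOWS
# User-writable folders, long and 8.3 short forms (both appear in OTL logs).
USER_WRITABLE = re.compile(
    r"\\(application data|local settings\\temp|locals~1\\temp)(\\|$)", re.I)
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^()\[\]\"]*?\.(?:exe|dll|com|scr|bat)(?=$|[\s)\"])", re.I)
AUTOSTART_RE = re.compile(
    r"^(O4 - .*\\Run(Once)?:|F3 - .*Load|O20 - .*Winlogon: Shell)", re.I)
PROXY_RE = re.compile(
    r'"ProxyServer"\s*=\s*(?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):(\d+)', re.I)

# Sample lines copied from the OTL output in this thread (malicious and benign mixed).
SAMPLE = r'''
IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49636
IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [mssend] C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 WinNT: Load - (C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe) - C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe File not found
O20 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 Winlogon: Shell - (C:\Documents and Settings\Matthieu\Application Data\dwm.exe) - C:\Documents and Settings\Matthieu\Application Data\dwm.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
'''


def one_substitution(a, b):
    """True when a and b have equal length and differ in exactly one character."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def triage(line):
    """Return a list of findings for one OTL log line (empty list = nothing flagged)."""
    findings = []
    proxy = PROXY_RE.search(line)
    if proxy:
        findings.append(f"proxy set to loopback port {proxy.group(2)}")
    if not AUTOSTART_RE.search(line):
        return findings
    match = PATH_RE.search(line)
    if not match:
        return findings
    path = PureWindowsPath(match.group(0))
    name = path.name.lower()
    in_user_dir = bool(USER_WRITABLE.search(str(path.parent)))
    if in_user_dir:
        findings.append("autostart target in user-writable directory")
    if name in SYSTEM_NAMES:
        if not str(path).lower().startswith(SYSROOT):
            findings.append(f"system process name {name} outside %SystemRoot%")
    else:
        for known in sorted(SYSTEM_NAMES):
            if one_substitution(name, known):
                findings.append(f"name {name} is one character away from {known}")
    # Assumption: the company in parentheses is file metadata, not a verified signature.
    if in_user_dir and "(Microsoft Corporation)" in line:
        findings.append("Microsoft company string on a file in the user profile")
    return findings


def scan(log_text):
    """Return (line, findings) pairs for every flagged line of an OTL log."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        found = triage(line)
        if found:
            flagged.append((line, found))
    return flagged


if __name__ == "__main__":
    for line, found in scan(SAMPLE):
        print(line[:60] + "...")
        for item in found:
            print("   -", item)
```

A "File not found" suffix does not clear an entry: the registry value still points at the path and would launch anything placed there again.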

Posted

Hi jeanmimigab,

 

I ran the second OTL fix you recommended, which ran to completion, then I followed up with an MBAM scan. I'm putting both reports below. Thanks again for your help!

 

 

 

 

 

OTL

------------------------------------------------------------------------------------------------------------

 

All processes killed

========== FILES ==========

File\Folder C:\Documents and Settings\Matthieu\Application Data\download2 not found.

File\Folder C:\Documents and Settings\Matthieu\Application Data\updates not found.

File\Folder C:\Documents and Settings\Matthieu\Application Data\xssend2 not found.

File\Folder C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe not found.

File\Folder C:\Documents and Settings\Matthieu\Application Data\xssendmcvowpujuyomudtyrtn2q3vyacenppk not found.

File\Folder C:\Documents and Settings\All Users\Application Data\espionServerData not found.

File\Folder C:\Documents and Settings\Matthieu\Application Data\mssend2 not found.

========== OTL ==========

HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy not found.

Registry value HKEY_USERS\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Run\\download not found.

Registry value HKEY_USERS\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Run\\engel not found.

Registry value HKEY_USERS\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Run\\mssend not found.

File C:\Documents and Settings\Matthieu\Application Data\xssend2\svcnost.exe not found.

Registry value HKEY_USERS\S-1-5-21-3344276049-1003050484-3659971776-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\Matthieu\LOCALS~1\Temp\csrss.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3344276049-1003050484-3659971776-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Matthieu\Application Data\dwm.exe deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Matthieu

->Temp folder emptied: 679640258 bytes

->Temporary Internet Files folder emptied: 193440828 bytes

->Java cache emptied: 124580 bytes

->FireFox cache emptied: 59984393 bytes

->Flash cache emptied: 1979951 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 78987866 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 967,00 mb

 

 

[EMPTYFLASH]

 

User: Administrateur

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: Matthieu

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.20.1 log created on 01042011_194611

 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

 

 

 

 

MBAM

---------------------------------------------------------------------------------------

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Version de la base de données: 5459

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.11

 

04/01/2011 20:03:31

mbam-log-2011-01-04 (20-03-31).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 148627

Temps écoulé: 4 minute(s), 32 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Value: idln2 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Posted

hello,

 

sorry to arrive so late, the day was hard :crazy:

 

that's all looking pretty good,

 

can you post me an OTL report like you did the first time, please...

 

NOTE: this time you won't have an "Extras.Txt" report

 

@++

Posted

Don't worry at all, it's already really kind of you to help me!

 

Here is the OTL report:

 

 

 

 

OTL logfile created on: 04/01/2011 22:48:18 - Run 2

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Matthieu\Bureau

Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

1 023,00 Mb Total Physical Memory | 596,00 Mb Available Physical Memory | 58,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74,43 Gb Total Space | 7,72 Gb Free Space | 10,37% Space Free | Partition Type: NTFS

Drive D: | 74,52 Gb Total Space | 0,99 Gb Free Space | 1,33% Space Free | Partition Type: NTFS

 

Computer Name: THOT | User Name: Matthieu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Matthieu\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Parrot Audio Suite\PSM\WifiService.exe ()

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)

PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)

PRC - C:\Program Files\PictureProject\NkbMonitor.exe (Nikon Corporation)

PRC - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

PRC - C:\Program Files\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe (TOSHIBA Corp.)

PRC - C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)

PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)

PRC - C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)

PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\TFNF5.exe (TOSHIBA Corp.)

PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

PRC - C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Matthieu\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvwrsfr.dll (NVIDIA Corporation)

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (avast! Web Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Program Files\Avast5\AvastSvc.exe (AVAST Software)

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (WifiService) -- C:\Program Files\Parrot Audio Suite\PSM\WifiService.exe ()

SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)

SRV - (Adobe LM Service) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (AdobeActiveFileMonitor4.0) -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (kraidsvc) -- C:\Program Files\Toshiba\TOSHIBA RAID\Service\kraidsvc.exe (TOSHIBA Corporation)

SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (ParrotSAVirtualAudioCableWdm_Ver100) Parrot High Quality Audio (WDM) -- C:\WINDOWS\system32\drivers\ParrotVad.sys (Parrot SA)

DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (KR10N) -- C:\WINDOWS\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)

DRV - (ttv200x) -- C:\WINDOWS\system32\drivers\ttv200x.sys (TOSHIBA)

DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)

DRV - (w29n51) Pilote de carte de connexion réseau Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (TVALZ) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS (TOSHIBA Corporation)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (d344bus) -- C:\WINDOWS\system32\DRIVERS\d344bus.sys ( )

DRV - (d344prt) -- C:\WINDOWS\System32\Drivers\d344prt.sys ( )

DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)

DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)

DRV - (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0) -- C:\WINDOWS\system32\drivers\CamDrL21.sys (Philips Semiconductors)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/16 20:43:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 20:42:16 | 000,000,000 | ---D | M]

 

[2010/12/16 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthieu\Application Data\Mozilla\Extensions

[2010/12/16 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matthieu\Application Data\Mozilla\Firefox\Profiles\bkp9w8jz.default\extensions

[2010/12/16 20:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/03/20 16:34:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/12/03 19:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/12/03 19:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/12/03 19:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/12/03 19:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/12/03 19:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O4 - HKLM..\Run: [000StTHK] File not found

O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [CFSServ.exe] File not found

O4 - HKLM..\Run: [Kraidman] C:\Program Files\Toshiba\TOSHIBA RAID\Console\Kraidman.exe_ File not found

O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)

O4 - HKLM..\Run: [NDSTray.exe] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PadTouch] C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)

O4 - HKLM..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe_ File not found

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)

O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe_ File not found

O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [utilitaire d'enrichissement d'image Toshiba] C:\Program Files\Toshiba\TOSHIBA Picture Enhancement Utility\TosPEHK.exe (TOSHIBA Corp.)

O4 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk = C:\Program Files\PictureProject\NkbMonitor.exe (Nikon Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203967218562 (WUWebControl Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227814016421 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.mypix.com/importer/ImageUploader4.cab (Image Uploader Control)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKU\S-1-5-21-3344276049-1003050484-3659971776-1005 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Matthieu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthieu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/02/21 07:09:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{0de3b702-ab00-11df-9401-0012f01abe5b}\Shell - "" = AutoRun

O33 - MountPoints2\{0de3b702-ab00-11df-9401-0012f01abe5b}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found

O33 - MountPoints2\{14cfb960-8282-11dd-911d-000e7bd3cc71}\Shell - "" = AutoRun

O33 - MountPoints2\{14cfb960-8282-11dd-911d-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{a751fae3-a3a0-11dd-9140-000e7bd3cc71}\Shell - "" = AutoRun

O33 - MountPoints2\{a751fae3-a3a0-11dd-9140-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{afa1dc2c-2828-11dd-90ac-0012f01abe5b}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe

O33 - MountPoints2\{c53f5da8-7ef9-11df-93d6-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found

O33 - MountPoints2\{fd4d1435-c732-11de-92e6-000e7bd3cc71}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: Steam - hkey= - key= - D:\Jeux\Steam\Steam.exe (Valve Corporation)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: dmserver - Service

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Lecteur Windows Media Microsoft 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F590509A-C24C-FDF7-B923-2335A296E839} - Lecteur Windows Media Microsoft 6.4

ActiveX: {F85D4622-1195-C00E-282C-8E623B49D7E6} - Rendu VML (Vector Graphics Rendering)

ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)

Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: VIDC.IV40 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvid.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/01/03 22:45:53 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/01/03 21:44:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthieu\Bureau\OTL.exe

[2010/12/16 20:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Mes documents\Téléchargements

[2010/12/16 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\Mozilla

[2010/12/16 20:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthieu\Application Data\Mozilla

[2010/12/16 20:42:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mozilla Firefox

[2010/12/16 20:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2006/12/08 16:54:44 | 000,137,216 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344bus.sys

[2006/12/08 16:54:44 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d344prt.sys

 

========== Files - Modified Within 30 Days ==========

 

[2011/01/04 22:48:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/04 21:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2011/01/04 19:50:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/01/04 19:50:32 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/04 19:50:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/01/04 19:50:19 | 1072,807,936 | -HS- | M] () -- C:\hiberfil.sys

[2011/01/04 19:48:59 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat

[2011/01/03 21:53:00 | 367,470,401 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\D11.avi

[2011/01/03 21:44:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthieu\Bureau\OTL.exe

[2010/12/28 18:25:37 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\Mots croisés.xls

[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/18 23:27:10 | 059,160,576 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco2_DVD.mpg

[2010/12/18 22:26:38 | 042,934,272 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco1_DVD.mpg

[2010/12/16 21:15:26 | 000,101,376 | ---- | M] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/16 21:14:20 | 183,729,908 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\H12.avi

[2010/12/16 20:43:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/12/16 20:42:22 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Matthieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/13 13:04:02 | 366,708,804 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\D10.avi

[2010/12/09 19:18:18 | 000,003,112 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/12/09 16:50:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/12/08 21:29:56 | 000,006,339 | ---- | M] () -- C:\Documents and Settings\Matthieu\Application Data\FC66.B7B

[2010/12/08 16:00:02 | 733,734,912 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\LPLG.avi

[2010/12/08 14:44:43 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\http.doc

[2010/12/07 08:58:02 | 183,449,601 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\H11.avi

[2010/12/06 06:06:57 | 366,733,313 | ---- | M] () -- C:\Documents and Settings\Matthieu\Bureau\D9.avi

 

========== Files Created - No Company Name ==========

 

[2011/01/03 21:51:30 | 367,470,401 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\D11.avi

[2010/12/28 12:55:48 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\Mots croisés.xls

[2010/12/20 13:02:41 | 059,160,576 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco2_DVD.mpg

[2010/12/20 13:02:32 | 042,934,272 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\18-12-10_L1_J18_ParisSG-Monaco1_DVD.mpg

[2010/12/17 00:24:02 | 366,708,804 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\D10.avi

[2010/12/16 21:07:50 | 183,729,908 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\H12.avi

[2010/12/16 20:43:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/12/16 20:42:22 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Matthieu\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/12/08 18:01:44 | 000,006,339 | ---- | C] () -- C:\Documents and Settings\Matthieu\Application Data\FC66.B7B

[2010/12/08 15:57:28 | 733,734,912 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\LPLG.avi

[2010/12/08 15:25:58 | 733,601,792 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\R.avi

[2010/12/08 14:59:15 | 183,449,601 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\H11.avi

[2010/12/06 22:27:18 | 366,733,313 | ---- | C] () -- C:\Documents and Settings\Matthieu\Bureau\D9.avi

[2010/03/18 23:02:52 | 000,012,760 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t7AHIvQWcAEro

[2010/03/18 23:02:51 | 000,012,760 | -HS- | C] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\t7AHIvQWcAEro

[2009/10/13 21:01:08 | 000,138,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008/06/28 11:35:22 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

[2008/06/28 11:28:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Widgets

[2008/06/28 11:28:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Matthieu\Application Data\Utilities

[2008/06/28 11:28:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT

[2007/11/17 10:02:40 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL

[2007/02/25 21:24:49 | 000,018,748 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll

[2006/12/18 00:33:00 | 000,000,856 | ---- | C] () -- C:\WINDOWS\Bbt97.INI

[2006/12/18 00:29:19 | 000,000,844 | ---- | C] () -- C:\WINDOWS\BELOTEXP.INI

[2006/11/21 17:33:50 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Sof2.INI

[2006/10/20 15:54:02 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll

[2006/10/20 15:54:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll

[2006/05/24 23:47:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006/04/19 01:04:53 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2005/12/06 23:22:45 | 000,000,333 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2005/10/21 23:13:25 | 000,005,187 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2005/08/10 18:00:36 | 000,101,376 | ---- | C] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/08/07 12:31:32 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Matthieu\Local Settings\Application Data\fusioncache.dat

[2005/02/21 15:26:33 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2005/02/21 15:26:32 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2005/02/21 15:26:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2005/02/21 15:26:31 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2005/02/21 08:56:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/02/21 08:46:26 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini

[2005/02/21 08:46:16 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini

[2005/02/21 08:13:20 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/02/21 08:08:11 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/02/21 08:04:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/02/21 08:04:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/02/21 08:04:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/02/21 08:04:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/02/21 08:04:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/02/21 08:04:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/02/21 08:02:58 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/02/21 08:01:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI

[2005/02/21 07:50:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2005/02/21 07:50:25 | 000,010,180 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini

[2005/02/21 07:50:24 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini

[2005/02/21 07:50:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll

[2005/02/21 07:50:24 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini

[2005/02/21 07:46:35 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys

[2005/02/21 07:46:35 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys

[2005/02/21 07:39:09 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Volume.dll

[2005/02/21 06:57:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll

[2005/02/21 06:57:25 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/02/21 06:56:51 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/12/08 01:40:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/12/02 23:20:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2004/07/21 01:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/06/17 18:55:26 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll

[2004/06/17 18:48:42 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll

[2004/01/15 22:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2004/01/14 02:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

[2003/12/27 20:43:24 | 000,068,608 | ---- | C] () -- C:\WINDOWS\daemon.dll

[2003/09/16 16:52:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2003/09/16 16:41:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2003/07/29 23:33:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

[2003/05/14 15:54:02 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

[2003/04/16 16:40:12 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll

[2003/04/16 16:39:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll

[2003/04/01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/06/04 17:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

 

========== LOP Check ==========

 

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\InterVideo

[2005/02/21 08:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\toshiba

[2010/08/17 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3

[2010/01/31 22:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2008/06/28 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dialogs

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2008/05/22 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor

[2008/06/28 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2010/07/30 20:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/25 13:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterVideo

[2005/02/21 08:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba

[2007/03/20 23:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Design Science

[2007/02/25 21:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\deskPDF

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\InterVideo

[2009/10/20 20:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Mumble

[2008/06/28 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Nikon

[2008/07/14 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Opera

[2010/07/15 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Parrot Audio Suite

[2005/09/05 21:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\toshiba

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/10/14 19:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2006/10/08 17:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems

[2010/08/17 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3

[2010/01/31 22:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/12/25 13:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/12/25 13:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008/06/28 11:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dialogs

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2010/03/19 21:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/05/22 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor

[2010/08/18 19:35:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2008/06/28 11:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2005/02/21 07:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2005/09/05 05:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2009/03/06 18:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/03/20 16:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2007/09/28 14:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2008/06/28 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2006/12/18 19:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/02/25 20:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2010/07/30 20:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/12/25 13:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/07/21 15:30:16 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

[2011/01/04 19:56:37 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

 

< %APPDATA%\*. >

[2009/02/03 22:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Adobe

[2009/02/03 20:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\AdobeUM

[2009/12/25 13:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Apple Computer

[2007/03/20 23:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Design Science

[2007/02/25 21:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\deskPDF

[2009/02/02 21:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\dvdcss

[2005/10/08 20:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Google

[2006/10/27 20:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Help

[2005/02/21 07:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Identities

[2005/02/22 13:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\InterVideo

[2006/09/22 17:23:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Lavasoft

[2005/08/17 02:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Macromedia

[2010/03/19 21:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Malwarebytes

[2010/12/08 22:06:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Matthieu\Application Data\Microsoft

[2010/12/16 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Mozilla

[2009/10/20 20:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Mumble

[2008/06/28 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Nikon

[2008/07/14 16:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Opera

[2010/07/15 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Parrot Audio Suite

[2010/09/20 21:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Skype

[2010/09/20 21:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\skypePM

[2005/02/21 08:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Sonic

[2005/10/16 00:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Sun

[2005/08/26 02:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Symantec

[2008/07/24 21:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\teamspeak2

[2005/09/05 21:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\toshiba

[2010/09/16 22:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\U3

[2007/11/16 23:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\Ventrilo

[2008/03/16 15:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\vlc

[2010/10/14 22:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthieu\Application Data\WinRAR

 

< %APPDATA%\*.exe /s >

[2005/02/21 07:59:50 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Matthieu\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85}\ARPPRODUCTICON.exe

[2006/04/05 19:38:10 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Matthieu\Application Data\U3\temp\cleanup.exe

 

< %SYSTEMDRIVE%\*.exe >

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

 

< MD5 for: CDROM.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:cdrom.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2004/08/10 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

 

< MD5 for: CHANGER.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:Changer.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

 

< MD5 for: DISK.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys

[2004/08/10 14:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

 

< MD5 for: EVENTLOG.DLL >

[2004/08/10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2004/08/10 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\explorer.exe

 

< MD5 for: KR10N.SYS >

[2005/01/12 08:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\ToolsCD\RAID Driver\KR10N.sys

[2005/01/12 00:05:00 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\OemDir\KR10N.sys

[2005/01/12 00:05:00 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) MD5=00C1EA8DECF810B8ECCB5C5A8186A96E -- C:\WINDOWS\system32\drivers\KR10N.sys

 

< MD5 for: NDIS.SYS >

[2004/08/10 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2004/08/10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\system32\netlogon.dll

 

< MD5 for: RASACD.SYS >

[2004/08/10 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

 

< MD5 for: RDPWD.SYS >

[2005/06/10 05:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys

[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\system32\drivers\rdpwd.sys

[2004/08/10 14:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys

 

< MD5 for: SCECLI.DLL >

[2004/08/10 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\system32\scecli.dll

 

< MD5 for: SFLOPPY.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:Sfloppy.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys

[2004/08/10 14:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\system32\drivers\sfloppy.sys

 

< MD5 for: SPLITTER.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:splitter.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys

[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\Driver Cache\i386\splitter.sys

[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\system32\dllcache\splitter.sys

[2006/06/14 09:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\system32\drivers\splitter.sys

[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys

[2006/06/14 09:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys

 

< MD5 for: SWMIDI.SYS >

[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\system32\drivers\swmidi.sys

 

< MD5 for: TCPIP.SYS >

[2006/04/20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[2006/01/13 18:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\SoftwareDistribution\Download\3edfca8ec13d50426ddc4bdd2372e711\sp2qfe\tcpip.sys

[2006/01/13 03:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$NtUninstallKB917953_0$\tcpip.sys

[2006/01/13 03:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\SoftwareDistribution\Download\3edfca8ec13d50426ddc4bdd2372e711\sp2gdr\tcpip.sys

[2005/05/25 20:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[2005/05/25 20:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys

[2004/08/10 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2006/04/20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\system32\drivers\tcpip.sys

 

< MD5 for: TDPIPE.SYS >

[2004/08/10 14:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\system32\drivers\tdpipe.sys

 

< MD5 for: TDTCP.SYS >

[2004/08/10 14:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\system32\drivers\tdtcp.sys

 

< MD5 for: USBPRINT.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbprint.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys

[2004/08/03 22:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\system32\dllcache\usbprint.sys

[2004/08/03 22:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\system32\drivers\usbprint.sys

 

< MD5 for: USBSCAN.SYS >

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbscan.sys

[2004/08/10 14:00:00 | 017,013,719 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys

[2004/08/04 04:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\dllcache\usbscan.sys

[2004/08/04 04:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\system32\drivers\usbscan.sys

 

< MD5 for: USERINIT.EXE >

[2004/08/10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2004/08/10 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\system32\winlogon.exe

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2005/07/26 05:39:57 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< End of report >
