Analyse de HijackThis

[Jisca]

hello,

 

Ne t'inquiètes pas c'est pas graves..

 

Fais un scanne complet de ton PC avec Antivir en prenant soin de le configurer comme dans cette vidéo de Bobette Marlow..et poste le rapport stp...

 

http://www.youtube.com/watch?v=7tBiBl54EX8&feature=player_embedded

 

@++

 

 

Allô,

 

Toute une misère avec ça.

Mon Pc est redevenu tout aussi lent et bloque malgré tout ce travail

Je reçois le message suivant quand je travaille :

 

"Un script de cette animation ralentit l'exécution d'Adope flash player 10."

Et on me demande de le suspendre pour que l'ordi fonctionne.

Je le suspends mais juste d'écrire ce message me prend une éternité.

 

Un script qui ne s'éxécute pas serait donc la bête à abattre !?!!??

%&?*?$*

#désespérée

 

P.S. informations supllémentaires au cas où:

 

J'ai redémarré mon PC après avoir envoyé mon message et 4 programmes se sont fermés :

 

1- lgfx tray

2- msnmsgr.exe (je m'en sers jamais)

3- FSScrCTL

4- Alerts timer Window

 

N.B. je peux écrire normalement maintenant !!!!!!!!!

 

 

________________________________

 

voici le rapport du scan demandé:

 

 

 

Avira AntiVir Personal

Date de création du fichier de rapport : 12 mars 2011 13:48

 

La recherche porte sur 2486199 souches de virus.

 

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus

Numéro de série : 0000149996-ADJIE-0000001

Plateforme : Windows XP

Version de Windows : (Service Pack 3) [5.1.2600]

Mode Boot : Démarré normalement

Identifiant : SYSTEM

Nom de l'ordinateur : GHISLAINE

 

Informations de version :

BUILD.DAT : 9.0.0.81 21698 Bytes 2010-10-22 12:02:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 2009-10-13 16:25:46

AVSCAN.DLL : 9.0.3.0 49409 Bytes 2009-03-03 15:21:02

LUKE.DLL : 9.0.3.2 209665 Bytes 2009-02-20 16:35:11

LUKERES.DLL : 9.0.2.0 13569 Bytes 2009-03-03 15:21:31

VBASE000.VDF : 7.10.0.0 19875328 Bytes 2009-11-06 12:35:52

VBASE001.VDF : 7.11.0.0 13342208 Bytes 2010-12-14 14:16:05

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2011-02-09 01:10:06

VBASE003.VDF : 7.11.3.1 2048 Bytes 2011-02-09 01:10:07

VBASE004.VDF : 7.11.3.2 2048 Bytes 2011-02-09 01:10:07

VBASE005.VDF : 7.11.3.3 2048 Bytes 2011-02-09 01:10:07

VBASE006.VDF : 7.11.3.4 2048 Bytes 2011-02-09 01:10:08

VBASE007.VDF : 7.11.3.5 2048 Bytes 2011-02-09 01:10:08

VBASE008.VDF : 7.11.3.6 2048 Bytes 2011-02-09 01:10:08

VBASE009.VDF : 7.11.3.7 2048 Bytes 2011-02-09 01:10:09

VBASE010.VDF : 7.11.3.8 2048 Bytes 2011-02-09 01:10:09

VBASE011.VDF : 7.11.3.9 2048 Bytes 2011-02-09 01:10:09

VBASE012.VDF : 7.11.3.10 2048 Bytes 2011-02-09 01:10:09

VBASE013.VDF : 7.11.3.59 157184 Bytes 2011-02-14 01:10:11

VBASE014.VDF : 7.11.3.97 120320 Bytes 2011-02-16 00:49:29

VBASE015.VDF : 7.11.3.148 128000 Bytes 2011-02-19 00:49:30

VBASE016.VDF : 7.11.3.183 140288 Bytes 2011-02-22 00:49:31

VBASE017.VDF : 7.11.3.216 124416 Bytes 2011-02-24 00:49:32

VBASE018.VDF : 7.11.3.251 159232 Bytes 2011-02-28 00:49:34

VBASE019.VDF : 7.11.4.33 148992 Bytes 2011-03-02 00:49:35

VBASE020.VDF : 7.11.4.73 150016 Bytes 2011-03-06 00:49:35

VBASE021.VDF : 7.11.4.108 122880 Bytes 2011-03-08 00:49:36

VBASE022.VDF : 7.11.4.150 133120 Bytes 2011-03-10 00:49:37

VBASE023.VDF : 7.11.4.151 2048 Bytes 2011-03-10 00:49:37

VBASE024.VDF : 7.11.4.152 2048 Bytes 2011-03-10 00:49:37

VBASE025.VDF : 7.11.4.153 2048 Bytes 2011-03-10 00:49:37

VBASE026.VDF : 7.11.4.154 2048 Bytes 2011-03-10 00:49:38

VBASE027.VDF : 7.11.4.155 2048 Bytes 2011-03-10 00:49:38

VBASE028.VDF : 7.11.4.156 2048 Bytes 2011-03-10 00:49:38

VBASE029.VDF : 7.11.4.157 2048 Bytes 2011-03-10 00:49:38

VBASE030.VDF : 7.11.4.158 2048 Bytes 2011-03-10 00:49:38

VBASE031.VDF : 7.11.4.177 80896 Bytes 2011-03-12 16:33:13

Version du moteur : 8.2.4.180

AEVDF.DLL : 8.1.2.1 106868 Bytes 2010-08-16 01:35:19

AESCRIPT.DLL : 8.1.3.56 1261945 Bytes 2011-03-11 00:49:48

AESCN.DLL : 8.1.7.2 127349 Bytes 2010-11-28 00:21:51

AESBX.DLL : 8.1.3.2 254324 Bytes 2010-11-28 00:21:53

AERDL.DLL : 8.1.9.2 635252 Bytes 2010-11-01 14:10:09

AEPACK.DLL : 8.2.4.11 520566 Bytes 2011-03-11 00:49:46

AEOFFICE.DLL : 8.1.1.17 205177 Bytes 2011-03-11 00:49:45

AEHEUR.DLL : 8.1.2.83 3338613 Bytes 2011-03-11 00:49:44

AEHELP.DLL : 8.1.16.1 246134 Bytes 2011-02-15 01:10:18

AEGEN.DLL : 8.1.5.2 397683 Bytes 2011-02-15 01:10:17

AEEMU.DLL : 8.1.3.0 393589 Bytes 2010-11-28 00:21:42

AECORE.DLL : 8.1.19.2 196983 Bytes 2011-02-15 01:10:16

AEBB.DLL : 8.1.1.0 53618 Bytes 2010-04-24 21:13:24

AVWINLL.DLL : 9.0.0.3 18177 Bytes 2008-12-12 13:47:30

AVPREF.DLL : 9.0.3.0 44289 Bytes 2009-08-26 20:13:31

AVREP.DLL : 10.0.0.9 174120 Bytes 2011-03-11 00:49:48

AVREG.DLL : 9.0.0.0 36609 Bytes 2008-11-07 20:24:42

AVARKT.DLL : 9.0.0.3 292609 Bytes 2009-03-24 20:05:22

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 2009-01-30 15:36:37

SQLITE3.DLL : 3.6.1.0 326401 Bytes 2009-01-28 20:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2009-02-02 13:20:57

NETNT.DLL : 9.0.0.0 11521 Bytes 2008-11-07 20:40:59

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 2009-06-17 18:44:26

RCTEXT.DLL : 9.0.73.0 88321 Bytes 2009-11-02 21:58:32

 

Configuration pour la recherche actuelle :

Nom de la tâche...............................: Contrôle intégral du système

Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp

Documentation.................................: bas

Action principale.............................: interactif

Action secondaire.............................: ignorer

Recherche sur les secteurs d'amorçage maître..: marche

Recherche sur les secteurs d'amorçage.........: marche

Secteurs d'amorçage...........................: C:,

Recherche dans les programmes actifs..........: marche

Recherche en cours sur l'enregistrement.......: marche

Recherche de Rootkits.........................: marche

Contrôle d'intégrité de fichiers système......: arrêt

Fichier mode de recherche.....................: Tous les fichiers

Recherche sur les archives....................: marche

Limiter la profondeur de récursivité..........: 20

Archive Smart Extensions......................: marche

Heuristique de macrovirus.....................: marche

Heuristique fichier...........................: moyen

Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

 

Début de la recherche : 12 mars 2011 13:48

 

La recherche d'objets cachés commence.

'67865' objets ont été contrôlés, '0' objets cachés ont été trouvés.

 

La recherche sur les processus démarrés commence :

Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés

Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés

Processus de recherche 'hpqbam08.exe' - '1' module(s) sont contrôlés

Processus de recherche 'hpqste08.exe' - '1' module(s) sont contrôlés

Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés

Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés

Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés

Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SMAgent.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés

Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés

Processus de recherche 'FSScrCtl.exe' - '1' module(s) sont contrôlés

Processus de recherche 'hpqtra08.exe' - '1' module(s) sont contrôlés

Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés

Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés

Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés

Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés

Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés

Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés

Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés

Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés

Processus de recherche 'SMax4.exe' - '1' module(s) sont contrôlés

Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés

Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés

Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés

Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés

Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés

Processus de recherche 'services.exe' - '1' module(s) sont contrôlés

Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés

Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés

Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés

'44' processus ont été contrôlés avec '44' modules

 

La recherche sur les secteurs d'amorçage maître commence :

Secteur d'amorçage maître HD0

[iNFO] Aucun virus trouvé !

 

La recherche sur les secteurs d'amorçage commence :

Secteur d'amorçage 'C:\'

[iNFO] Aucun virus trouvé !

 

La recherche sur les renvois aux fichiers exécutables (registre) commence :

Le registre a été contrôlé ( '59' fichiers).

 

 

La recherche sur les fichiers sélectionnés commence :

 

Recherche débutant dans 'C:\'

C:\pagefile.sys

[AVERTISSEMENT] Impossible d'ouvrir le fichier !

[REMARQUE] Ce fichier est un fichier système Windows.

[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.

 

 

Fin de la recherche : 12 mars 2011 15:30

Temps nécessaire: 1:41:41 Heure(s)

 

La recherche a été effectuée intégralement

 

8920 Les répertoires ont été contrôlés

407010 Des fichiers ont été contrôlés

0 Des virus ou programmes indésirables ont été trouvés

0 Des fichiers ont été classés comme suspects

0 Des fichiers ont été supprimés

0 Des virus ou programmes indésirables ont été réparés

0 Les fichiers ont été déplacés dans la quarantaine

0 Les fichiers ont été renommés

1 Impossible de contrôler des fichiers

407009 Fichiers non infectés

1348 Les archives ont été contrôlées

1 Avertissements

1 Consignes

67865 Des objets ont été contrôlés lors du Rootkitscan

0 Des objets cachés ont été trouvés

 

-----------------------------------------------

 

Merci pour tout, surtout, pour supporter ma mauvaise humeur )

Modifié le 12 mars 2011 par Jisca

[jeanmimigab]

hello,

 

Ce que tu as enlevé du démarrage de Windows n'est pas infectieux, cependant "FSScrCTL" qui appartient à "Stardust Screen Saver Toolkit" peut éventuellement être le coupable des ralentissement que tu as constatés avant...

 

En tout cas on aura pas fait tout ça pour rien, tu étais bien infecté...

 

Refais un scanne OTL comme tu l'as fais la première fois afin que je vérifie si je n'ai rien zappé et poste le rapport stp...

[Jisca]

hello,

 

Ce que tu as enlevé du démarrage de Windows n'est pas infectieux, cependant "FSScrCTL" qui appartient à "Stardust Screen Saver Toolkit" peut éventuellement être le coupable des ralentissement que tu as constatés avant...

 

En tout cas on aura pas fait tout ça pour rien, tu étais bien infecté...

 

Refais un scanne OTL comme tu l'as fais la première fois afin que je vérifie si je n'ai rien zappé et poste le rapport stp...

 

Bonjour

 

merci !

 

Voici le dernier rapport:

 

OTL logfile created on: 2011-03-13 10:05:35 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GC\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

 

239,00 Mb Total Physical Memory | 45,00 Mb Available Physical Memory | 19,00% Memory free

826,00 Mb Paging File | 288,00 Mb Available in Paging File | 35,00% Paging File free

Paging file location(s): C:\pagefile.sys 600 720 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,27 Gb Total Space | 22,64 Gb Free Space | 60,74% Space Free | Partition Type: NTFS

 

Computer Name: GHISLAINE | User Name: GC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\GC\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\WINDOWS\FSScrCtl.exe (Stardust Software)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\GC\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (MySql) -- File not found

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (Apache) -- File not found

SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)

DRV - (sf) -- C:\WINDOWS\system32\drivers\sf.sys (Sonic Focus, Inc)

DRV - (MidiSyn) -- C:\WINDOWS\system32\drivers\MidiSyn.sys (Analog Devices Inc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Yahoo! Search Results

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = La Poésie que j'aime ... - 1999-2011- le site officiel

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"

 

 

[2010-09-25 20:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions

[2010-09-25 20:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}

[2005-06-23 10:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\o4gac0l3.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010-09-25 20:46:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions

[2010-09-25 20:46:06 | 000,000,000 | ---D | M] (Chameleon Tom) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA79}

[2005-06-27 09:17:20 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\GC\Application Data\Mozilla\Firefox\Profiles\pw6n3w6j.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011-03-09 21:07:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010-07-28 09:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010-07-17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2003-04-24 08:00:00 | 000,000,790 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1004..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)

O4 - HKU\S-1-5-21-343818398-1960408961-839522115-1004..\RunOnce: [shockwave Updater] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - Reg Error: Key error. File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..Trusted Domains: lapoesiequejaime.net ([]https in Sites de confiance)

O15 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..Trusted Domains: live.ca ([]https in Sites de confiance)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (Reg Error: Key error.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (Reg Error: Key error.)

O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab (Malicious Software Removal Tool)

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://static.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} Technical difficulties (Windows Live Safety Center Base Module)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab (Image Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38044.6048148148 (Reg Error: Key error.)

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://fdata.over-blog.com/script/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control)

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} http://www.microsoft.com/security/controls/SassCln.CAB (SassCln Object)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\GC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004-02-27 18:16:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: Ip6FwHlp - File not found

 

 

SafeBootMin: AppMgmt - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: AppMgmt - File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: UploadMgr - Service

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282

ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715

ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167

ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework

ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894

ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567

ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework

ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353

ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: Ip6FwHlp - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-03-13 10:02:32 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\GC\Bureau\OTL.exe

[2011-03-09 21:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Bureau\nettoyage

[2011-03-09 19:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\GC\Recent

[2011-02-27 15:59:04 | 000,360,580 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll

[2011-02-27 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\eSellerate

[2011-02-27 15:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GC\Mes documents\docXConverter logs

[2011-02-27 15:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\docXConverter3

[2011-02-12 12:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck

[2010-06-30 18:59:47 | 017,874,088 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_0_1_setup.exe

[2009-11-09 21:55:57 | 000,834,042 | ---- | C] (REBOL Technologies) -- C:\Program Files\altme.exe

[2006-07-16 09:58:31 | 002,988,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vwdsetup.exe

[2005-02-04 12:05:52 | 012,718,080 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mp10setup.exe

[2005-01-28 12:50:01 | 002,065,552 | ---- | C] (Symantec Corporation) -- C:\Program Files\NAVSetup.exe

[2004-09-15 09:14:20 | 000,134,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\o2ksr1a.exe

[2004-06-11 10:00:11 | 003,836,584 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msorun.exe

[1999-03-23 10:12:40 | 000,011,264 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Program Files\_SETUP.DLL

[1999-03-23 10:12:22 | 000,008,192 | ---- | C] (Stirling Technologies, Inc.) -- C:\Program Files\_ISDEL.EXE

 

========== Files - Modified Within 30 Days ==========

 

[2011-03-13 10:06:35 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job

[2011-03-13 10:02:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GC\Bureau\OTL.exe

[2011-03-13 10:00:02 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

[2011-03-12 20:39:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-03-11 19:48:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-03-11 19:48:15 | 000,228,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011-03-11 16:40:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011-03-09 21:04:00 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011-03-09 10:12:19 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office FrontPage 2003.lnk

[2011-02-27 16:02:22 | 000,010,584 | ---- | M] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini

[2011-02-27 16:01:54 | 000,000,130 | -H-- | M] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys

[2011-02-27 15:59:04 | 000,360,580 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll

 

========== Files Created - No Company Name ==========

 

[2011-03-09 21:03:50 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011-02-27 15:59:04 | 000,000,130 | -H-- | C] () -- C:\Documents and Settings\GC\Application Data\lakerda1967.sys

[2011-02-27 15:57:46 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\GC\Application Data\docXConverter (3).ini

[2010-08-30 20:07:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2010-07-02 19:51:28 | 000,000,583 | ---- | C] () -- C:\WINDOWS\System32\Raccourci vers notepad.exe.lnk

[2010-01-02 13:51:41 | 000,000,125 | ---- | C] () -- C:\WINDOWS\FlashDecompiler.INI

[2009-07-24 15:01:08 | 000,049,552 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009-05-25 11:54:42 | 000,125,177 | ---- | C] () -- C:\WINDOWS\hpqins00.dat

[2007-08-05 11:01:32 | 000,146,750 | ---- | C] () -- C:\WINDOWS\HPHins13.dat

[2007-08-05 11:01:32 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat

[2007-08-05 10:01:15 | 000,111,770 | ---- | C] () -- C:\WINDOWS\hpqins15.dat

[2007-05-18 20:32:45 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini

[2006-07-16 10:13:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006-07-16 10:12:49 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2006-07-15 20:48:57 | 015,037,696 | ---- | C] () -- C:\Program Files\20060715-006-x86.exe

[2005-12-07 15:53:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini

[2005-12-07 15:05:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005-09-25 13:14:06 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2005-08-12 09:15:01 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll

[2005-08-12 09:15:01 | 000,000,674 | ---- | C] () -- C:\WINDOWS\tsc.ini

[2005-08-12 09:14:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2005-06-23 10:19:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2005-06-23 10:18:43 | 000,014,326 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2005-04-06 13:42:00 | 000,045,056 | ---- | C] () -- C:\Program Files\Psp8bf.pfl

[2005-03-20 15:50:04 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config

[2005-03-14 13:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2005-03-12 08:58:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005-03-04 14:10:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe

[2004-12-08 16:30:16 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Graphex3.ini

[2004-11-28 16:50:59 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2004-09-14 14:56:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DBQARM.dll

[2004-08-19 15:07:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004-08-19 15:07:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CBLEIJI.ini

[2004-04-29 09:45:35 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\fusioncache.dat

[2004-04-24 12:12:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2004-03-05 15:07:03 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\GC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004-03-01 16:03:55 | 000,000,076 | ---- | C] () -- C:\WINDOWS\KMGDI.INI

[2004-03-01 13:56:54 | 000,000,755 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004-02-27 18:27:40 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2004-02-27 18:19:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004-02-27 18:14:13 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004-02-27 11:25:16 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004-02-27 11:24:16 | 000,228,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003-08-29 14:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_03-20-2005_11h21.ini

[2003-08-29 14:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_20h56.ini

[2003-08-29 14:26:36 | 000,002,065 | ---- | C] () -- C:\WINDOWS\my_02-12-2005_19h39.ini

[2003-08-23 00:01:48 | 000,744,128 | ---- | C] () -- C:\Program Files\_SETUP.1

[2003-08-23 00:01:48 | 000,000,511 | ---- | C] () -- C:\Program Files\SETUP.PKG

[2003-08-23 00:01:48 | 000,000,005 | ---- | C] () -- C:\Program Files\DISK1.ID

[2003-08-23 00:01:46 | 000,210,195 | ---- | C] () -- C:\Program Files\_SETUP.LIB

[2003-08-23 00:01:46 | 000,000,029 | ---- | C] () -- C:\Program Files\SETUP.INI

[2003-04-24 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003-04-24 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003-04-24 08:00:00 | 000,570,506 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2003-04-24 08:00:00 | 000,493,216 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003-04-24 08:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2003-04-24 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003-04-24 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003-04-24 08:00:00 | 000,113,862 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2003-04-24 08:00:00 | 000,094,504 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003-04-24 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003-04-24 08:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2003-04-24 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003-04-24 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003-04-24 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1999-07-23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999-07-23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1999-04-08 12:26:40 | 000,081,342 | ---- | C] () -- C:\Program Files\SETUP.INS

[1999-03-23 10:12:22 | 000,294,079 | ---- | C] () -- C:\Program Files\_INST32I.EX_

[1999-01-22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2010-01-02 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009-01-11 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011-01-16 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1

[2010-08-02 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0

[2008-08-05 09:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ

[2010-05-28 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express

[2009-05-25 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC

[2008-10-26 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum

[2007-08-09 09:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress

[2008-02-01 13:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache

[2010-01-02 17:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean

[2008-06-03 09:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software

[2010-09-05 16:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2004-11-09 15:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media

[2006-07-22 11:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center

[2005-05-15 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView

[2011-03-13 10:00:02 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job

[2011-03-13 10:06:35 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD958403-7332-4CDC-9CDD-9F1D4B9B2B70}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %ALLUSERSPROFILE%\Application Data\*. >

[2010-10-09 16:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2008-01-11 14:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2007-04-12 09:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010-02-09 13:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010-02-09 13:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira(3)

[2007-08-04 11:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

[2007-08-05 11:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP

[2008-11-06 16:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

[2007-08-05 11:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY

[2008-09-12 14:23:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2008-11-03 15:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009-12-29 16:08:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2006-07-17 15:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2007-06-17 08:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2009-12-30 16:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2005-06-23 09:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2006-11-21 11:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010-07-28 09:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010-01-02 14:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007-08-04 11:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG

[2005-10-13 08:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009-01-11 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2010-09-21 14:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AcrobatUpdater.exe

[2010-09-21 14:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\AdobeARM.exe

[2010-09-21 14:37:40 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19632\ReaderUpdater.exe

[2009-01-06 14:50:48 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe

[2009-07-01 20:17:38 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe

[2011-03-12 12:31:24 | 000,405,249 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe

[2009-05-14 09:56:20 | 002,967,799 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

 

< %APPDATA%\*. >

[2010-09-05 16:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Adobe

[2006-07-31 15:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\AdobeUM

[2009-07-24 14:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Apple Computer

[2011-01-16 17:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1

[2007-08-09 13:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Creative

[2009-02-11 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ESTsoft

[2009-12-30 16:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Google

[2010-08-02 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\gtk-2.0

[2004-03-02 18:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Help

[2007-08-04 11:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HP

[2011-03-12 20:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\HpUpdate

[2008-08-05 09:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\ICQ

[2006-08-08 10:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Identities

[2010-05-28 07:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Image Zone Express

[2009-05-25 20:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\IPC

[2008-10-26 10:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\JAlbum

[2007-02-21 15:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Lavasoft

[2004-12-25 10:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Macromedia

[2008-11-03 15:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Malwarebytes

[2011-03-09 15:33:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\GC\Application Data\Microsoft

[2005-06-27 10:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Microsoft Web Folders

[2011-03-09 21:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Mozilla

[2007-06-17 08:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\MSN6

[2007-08-09 09:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\PhotoInPress

[2008-02-01 13:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Printer Info Cache

[2005-12-09 12:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Real

[2010-01-02 17:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\scriptocean

[2006-11-21 11:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Skype

[2004-03-23 10:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Sun

[2004-02-27 19:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Symantec

[2005-06-25 18:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Talkback

[2008-06-03 09:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TuneUp Software

[2010-09-05 16:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2004-11-09 15:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Visicom Media

[2006-07-22 11:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\Windows Live Safety Center

[2008-04-05 14:20:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\WinRAR

[2005-05-15 12:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GC\Application Data\XnView

 

< %APPDATA%\*.exe /s >

[2011-03-09 15:33:31 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\GC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

 

< %SYSTEMDRIVE%\*.exe >

[2005-04-01 12:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe

 

< %SYSTEMDRIVE%\*.exe >

[2005-04-01 12:18:54 | 000,632,528 | ---- | M] (Symantec Corporation) -- C:\sevinst.exe

 

 

< MD5 for: AGP440.SYS >

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008-04-13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004-08-04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2003-04-24 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008-04-13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004-08-04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 

< MD5 for: CDROM.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008-04-13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008-04-13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[2004-08-04 01:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

 

< MD5 for: CHANGER.SYS >

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys

[2008-04-13 14:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

[2004-08-04 02:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

 

< MD5 for: DISK.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys

[2004-08-04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

[2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys

[2008-04-13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

 

< MD5 for: EVENTLOG.DLL >

[2004-08-19 19:09:25 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008-04-13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008-04-13 22:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2007-06-13 09:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007-06-13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008-04-13 22:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

< MD5 for: NDIS.SYS >

[2008-04-13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008-04-13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2004-08-04 02:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2008-04-13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008-04-13 22:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2004-08-19 19:09:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: RASACD.SYS >

[2003-04-24 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys

[2003-04-24 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

 

< MD5 for: RDPWD.SYS >

[2005-06-10 00:06:01 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys

[2008-04-13 22:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys

[2008-04-13 22:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys

[2005-06-10 00:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$hf_mig$\KB899591\SP2GDR\rdpwd.sys

[2005-06-10 00:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys

 

< MD5 for: SCECLI.DLL >

[2004-08-19 19:09:39 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008-04-13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008-04-13 22:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

 

< MD5 for: SFLOPPY.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:Sfloppy.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Sfloppy.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys

[2004-08-04 01:59:54 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys

[2008-04-13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys

[2008-04-13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys

 

< MD5 for: SPLITTER.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:splitter.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:splitter.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys

[2006-06-14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys

[2006-06-14 04:50:19 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys

[2008-04-13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys

[2008-04-13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys

 

< MD5 for: SWMIDI.SYS >

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys

[2008-04-13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys

[2008-04-13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys

[2001-08-17 23:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys

 

< MD5 for: TCPIP.SYS >

[2006-01-13 13:07:08 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys

[2006-01-12 22:28:14 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=583E063FDC888CA30D05C2724B0D7EF4 -- C:\WINDOWS\$hf_mig$\KB913446\SP2GDR\tcpip.sys

[2005-05-25 15:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[2007-10-30 12:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[2005-05-25 15:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$hf_mig$\KB893066\SP2GDR\tcpip.sys

[2007-10-30 13:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

[2008-04-13 15:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008-06-20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008-06-20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

[2008-06-20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[2006-04-20 08:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

 

< MD5 for: TDPIPE.SYS >

[2004-08-19 19:10:18 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys

[2008-04-13 22:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys

[2008-04-13 22:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys

 

< MD5 for: TDTCP.SYS >

[2008-04-13 22:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys

[2008-04-13 22:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys

[2004-08-19 19:10:18 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys

 

< MD5 for: USBPRINT.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbprint.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbprint.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys

[2004-08-04 02:01:24 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys

[2008-04-13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys

[2008-04-13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys

 

< MD5 for: USBSCAN.SYS >

[2003-04-24 08:00:00 | 010,179,564 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:usbscan.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys

[2006-08-08 11:54:53 | 022,282,803 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbscan.sys

[2008-07-09 10:33:31 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys

[2008-04-13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys

[2008-04-13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys

[2004-08-04 01:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys

 

< MD5 for: USERINIT.EXE >

[2004-08-19 19:10:03 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008-04-13 22:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: WINLOGON.EXE >

[2004-08-19 19:10:04 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008-04-13 22:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2010-12-20 19:53:03 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< >

 

< >

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F4CA4D70

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

 

< End of report >

 

 

OTL Extras logfile created on: 2011-03-13 10:05:35 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GC\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

 

239,00 Mb Total Physical Memory | 45,00 Mb Available Physical Memory | 19,00% Memory free

826,00 Mb Paging File | 288,00 Mb Available in Paging File | 35,00% Paging File free

Paging file location(s): C:\pagefile.sys 600 720 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37,27 Gb Total Space | 22,64 Gb Free Space | 60,74% Space Free | Partition Type: NTFS

 

Computer Name: GHISLAINE | User Name: GC | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorateur Windows -- (Microsoft Corporation)

"C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe:*:Enabled:javaw -- ()

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)

"C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe" = C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe:*:Enabled:mysqld

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0012040C-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24B3EFAE-D2C4-438C-BBF5-49B970A771B6}" = Microsoft Visual Basic 2005 Express Edition - FRA

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 21

"{2D6ED011-055B-4041-B198-BB903827EBFB}" = Safari

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46325B79-C284-4ef2-8CDD-3A9E7A1A05AB}" = D2400

"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F51CDE0-1391-878A-C593-BD340AD9D0DE}" = TweetDeck

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04

"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05

"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06

"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger

"{7EF7CCB0-52BF-4947-BE6E-E47D586E8842}" = D2400_Help

"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{9017040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.2 - Français

"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA

"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req

"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes

"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ALUpdate_is1" = ALUpdate

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"docXConverter3_is1" = docXConverter 3.1.2

"EasyPHP_is1" = EasyPHP 1.8

"FileZilla" = FileZilla (remove only)

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Jalbum_0" = Jalbum 8.0

"KeyView for Lotus" = KeyView for Lotus 97

"KittyKitty" = KittyKitty Screen Saver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"PhotoFiltre" = PhotoFiltre

"Picasa 3" = Picasa 3

"PROSet" = Intel® PRO Network Adapters and Drivers

"Scriptocean Javascript Accordion Menu" = Scriptocean Javascript Accordion Menu 1

"Shockwave" = Shockwave

"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck

"WIC" = Windows Imaging Component

"Windows Live Safety Scanner" = Windows Live Safety Scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinLiveSuite_Wave3" = Installation Windows Live

"WinRAR archiver" = Archiveur WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2011-03-09 19:50:00 | Computer Name = GHISLAINE | Source = Apache Service | ID = 3299

Description = The Apache service named C:\PROGRA~1\EASYPH~1\Apache\apache.exe reported

the following error: >>> fopen: No such file or directory <<< before the error.log

file could be opened. More information may be available in the error.log file.

.

 

Error - 2011-03-09 19:50:00 | Computer Name = GHISLAINE | Source = Apache Service | ID = 3299

Description = The Apache service named C:\PROGRA~1\EASYPH~1\Apache\apache.exe reported

the following error: >>> apache.exe: could not open document config file c:/program

files/easyphp1-7/apache/conf/httpd.conf <<< before the error.log file could be

opened. More information may be available in the error.log file. .

 

Error - 2011-03-09 19:55:48 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-11 11:22:05 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-12 14:27:54 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée msimn.exe, version 6.0.2900.5512, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-12 14:30:22 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-12 14:57:29 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-12 16:34:57 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-12 17:13:26 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

Error - 2011-03-12 21:23:09 | Computer Name = GHISLAINE | Source = Application Hang | ID = 1002

Description = Application bloquée iexplore.exe, version 8.0.6001.18702, module bloqué

hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

 

[ System Events ]

Error - 2011-03-11 19:49:01 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000

Description = Le service Apache n'a pas pu démarrer en raison de l'erreur : %%3

 

Error - 2011-03-11 19:49:01 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000

Description = Le service MySql n'a pas pu démarrer en raison de l'erreur : %%3

 

Error - 2011-03-11 19:50:39 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7022

Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

 

Error - 2011-03-12 17:22:06 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000

Description = Le service Apache n'a pas pu démarrer en raison de l'erreur : %%3

 

Error - 2011-03-12 17:22:06 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000

Description = Le service MySql n'a pas pu démarrer en raison de l'erreur : %%3

 

Error - 2011-03-12 17:23:34 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7022

Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

 

Error - 2011-03-12 20:37:34 | Computer Name = GHISLAINE | Source = DCOM | ID = 10010

Description = Le serveur {AF33D987-474A-4EC8-ABDF-95BFF906C469} ne s'est pas enregistré

sur DCOM avant la fin du temps imparti.

 

Error - 2011-03-12 20:39:44 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000

Description = Le service Apache n'a pas pu démarrer en raison de l'erreur : %%3

 

Error - 2011-03-12 20:39:44 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7000

Description = Le service MySql n'a pas pu démarrer en raison de l'erreur : %%3

 

Error - 2011-03-12 20:42:07 | Computer Name = GHISLAINE | Source = Service Control Manager | ID = 7022

Description = Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

 

 

< End of report >

Modifié le 13 mars 2011 par Jisca

[jeanmimigab]

hello,

 

c'est pas mal tout ça...

 

* Fais un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

 

 

:Files

C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk

C:\sevinst.exe

 

:OTL

PRC - C:\WINDOWS\FSScrCtl.exe (Stardust Software)

SRV - (MySql) -- File not found

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (Apache) -- File not found

O4 - Startup: C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1004\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

 

:Commands

[emptytemp]

[EMPTYFLASH]

 

* Cliques sur l'icône "Correction" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport va s'ouvrir "OTL.Txt"

* Copie et colle le rapports dans ta réponse stp...

* Au cas où, tu peux le retrouver dans le dossier C:\OTL

 

Ensuite dit moi comment se comporte ton PC

 

@++

Modifié le 13 mars 2011 par jeanmimigab

[Jisca]

hello,

 

c'est pas mal tout ça...

 

* Fais un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

 

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

 

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

 

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

 

 

 

 

* Cliques sur l'icône "Correction" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport va s'ouvrir "OTL.Txt"

* Copie et colle le rapports dans ta réponse stp...

* Au cas où, tu peux le retrouver dans le dossier C:\OTL

 

Ensuite dit moi comment se comporte ton PC

 

@++

 

 

Allô

 

Nette amélioration sur navigation et tout ...

 

 

dernier rapport

 

All processes killed

========== FILES ==========

C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk moved successfully.

C:\sevinst.exe moved successfully.

========== OTL ==========

No active process named FSScrCtl.exe was found!

Service MySql stopped successfully!

Service MySql deleted successfully!

File File not found not found.

Service HidServ stopped successfully!

Service HidServ deleted successfully!

File File not found not found.

Service AppMgmt stopped successfully!

Service AppMgmt deleted successfully!

File File not found not found.

Service Apache stopped successfully!

Service Apache deleted successfully!

File File not found not found.

File move failed. C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk scheduled to be moved on reboot.

C:\WINDOWS\FSScrCtl.exe moved successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-21-343818398-1960408961-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: GC

->Temp folder emptied: 21002309 bytes

->Temporary Internet Files folder emptied: 186550915 bytes

->Java cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 792 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 660554 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 115879 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 1558 bytes

 

Total Files Cleaned = 199,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: GC

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 03132011_142615

 

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\GC\Menu Démarrer\Programmes\Démarrage\Screen Saver Control.lnk not found!

File\Folder C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\Y78ZNR9G\Essais_[qXD4fb]. not found!

C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\V440Y70H\AP_ADV_728x90[1].htm moved successfully.

C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\R0WEKU4K\afr[1].htm moved successfully.

C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\R0WEKU4K\analyse-de-hijackthis-t183659[1].html moved successfully.

C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\CWGMRRZ3\AP_CPL_728x90[1].htm moved successfully.

C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\Content.IE5\CWGMRRZ3\ban_home_728x90[1].htm moved successfully.

C:\Documents and Settings\GC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 

Registry entries deleted on Reboot...

Modifié le 13 mars 2011 par Jisca

[jeanmimigab]

Bonsoir,

 

C'est tout bon, relance OTL et clique sur "Purge outil" pour désinstaller les outils utilisés...et accepte le redémarrage du PC par OTL.

 

ensuite il faut créer un point de restauration propre et supprimer ceux infecté en purgeant la restauration système, pour cela utilise OneClick2RP de Laddy

Téléchargement et tuto ici

http://forum.zebulon.fr/tuto-oneclick2rp-de-laddy-t182122.html

 

ensuite...

 

Pour nettoyer les fichiers temporaires,souvent source de problèmes divers et nettoyer la base de registre Windows fais cela...

 

 

• Télécharge et installe Ccleaner en te rendant sur >> cette page <<
  
• Clique en haut à droite de la page sur "Download Lastest Version" pour lancer le téléchargement.
  
• Installe le et lance le...
  
• Dans la barre d'outil à gauche, clique sur "Nettoyer" (en bas à droite)
  
• Recommence cette opération jusqu'à ce que le message "0 octets supprimés" apparaisse dans la fenêtre de résultat.
  
• Pour info ce nettoyage peu aussi s'effectuer de manière transparente collant Ccleaner /auto dans la commande "Exécuter" du menu démarrer.
   
  Nettoyer aussi ton registre en cliquant sur "Registre" dans la barre d'outils à gauche.
  
• Clique ensuite sur "chercher des erreurs" en bas de la fenêtre, puis clique sur "corriger les erreurs sélectionnées".
  
• Accepte la sauvegarde du registre proposée et suis les instructions de Ccleaner.
  
• Pour info tu peux ouvrir Ccleaner directement à la rubrique "Registre" en collant Ccleaner /registry dans la fenêtre de commande "Exécuter" du menu démarrer.
   
  
• Si tu as besoin tu as un tutoriel >> ici <<

 

=====================================================================================================

 

Pense à mettre à jours Windows:

 

• La méthode la plus simple et l'utilisation de "Windows Update" qui se trouve dans ton menu démarrer

 

 

Pense à mettre à jours Java:

 

• La méthode la plus simple et l'utilisation de >> JavaRa <<

 

Pense à mettre à jour Acrobat reader si il est installé sur ton PC de cette manière:

 

• Ouvre Acrobat reader, clique sur "aide" et choisis "rechercher des mises à jours..."

 

=====================================================================================================

 

 

un peu de lecture sur la manière de protéger ton surf et ton ordinateur:

 

• un Compte Utilisateur limité accroît la sécurité de l'ordinateur.
   
  
• Quelques mesures préventives pour surfer couvert.
   
  
• Comment éviter les imprudences d'installation.
   
  
• Reconnaitre et éviter les infections Msn.
   
  
• Si tu utilises "Face Book", lis >> cet article << afin de ne pas te faire piéger

 

Bonne semaine à toi & @+

[Jisca]

Bonsoir,

 

C'est tout bon, relance OTL et clique sur "Purge outil" pour désinstaller les outils utilisés...et accepte le redémarrage du PC par OTL.

 

ensuite il faut créer un point de restauration propre et supprimer ceux infecté en purgeant la restauration système, pour cela utilise OneClick2RP de Laddy

Téléchargement et tuto ici

http://forum.zebulon.fr/tuto-oneclick2rp-de-laddy-t182122.html

 

ensuite...

 

Pour nettoyer les fichiers temporaires,souvent source de problèmes divers et nettoyer la base de registre Windows fais cela...

 

 

• Télécharge et installe Ccleaner en te rendant sur >> cette page <<
  
• Clique en haut à droite de la page sur "Download Lastest Version" pour lancer le téléchargement.
  
• Installe le et lance le...
  
• Dans la barre d'outil à gauche, clique sur "Nettoyer" (en bas à droite)
  
• Recommence cette opération jusqu'à ce que le message "0 octets supprimés" apparaisse dans la fenêtre de résultat.
  
• Pour info ce nettoyage peu aussi s'effectuer de manière transparente collant Ccleaner /auto dans la commande "Exécuter" du menu démarrer.
   
  Nettoyer aussi ton registre en cliquant sur "Registre" dans la barre d'outils à gauche.
  
• Clique ensuite sur "chercher des erreurs" en bas de la fenêtre, puis clique sur "corriger les erreurs sélectionnées".
  
• Accepte la sauvegarde du registre proposée et suis les instructions de Ccleaner.
  
• Pour info tu peux ouvrir Ccleaner directement à la rubrique "Registre" en collant Ccleaner /registry dans la fenêtre de commande "Exécuter" du menu démarrer.
   
  
• Si tu as besoin tu as un tutoriel >> ici <<

 

=====================================================================================================

 

Pense à mettre à jours Windows:

 

• La méthode la plus simple et l'utilisation de "Windows Update" qui se trouve dans ton menu démarrer

 

 

Pense à mettre à jours Java:

 

• La méthode la plus simple et l'utilisation de >> JavaRa <<

 

Pense à mettre à jour Acrobat reader si il est installé sur ton PC de cette manière:

 

• Ouvre Acrobat reader, clique sur "aide" et choisis "rechercher des mises à jours..."

 

=====================================================================================================

 

 

un peu de lecture sur la manière de protéger ton surf et ton ordinateur:

 

• un Compte Utilisateur limité accroît la sécurité de l'ordinateur.
   
  
• Quelques mesures préventives pour surfer couvert.
   
  
• Comment éviter les imprudences d'installation.
   
  
• Reconnaitre et éviter les infections Msn.
   
  
• Si tu utilises "Face Book", lis >> cet article << afin de ne pas te faire piéger

 

Bonne semaine à toi & @+

 

 

Bonjour,

 

Je te remercie infiniment pour tout ce travail effectué (étalé sur 4 jours) c'est pas rien

 

Merci aussi pour ta grande disponibilité,

la clarté dans les démarches proposées,

ton assiduité à me répondre

Ça fait deux fois que je viens ici pour demander de l'aide

et j'ai toujours reçu un excellent service !

 

Merci à L'équipe aussi, vous faites un travail formidable !

 

Bonne semaine à toi aussi !

:super:

Modifié le 13 mars 2011 par Jisca