éradication malware détectés par ZHP

béotien46 · le 20 mars 2011

depuis que j'ai fait les opérations avec ZHPfix, je ne peux plus me servir de mon PC :aucun clavier, aucune souris ne répondent ; j'ai essayé en mode sans échec, rien. Là, j'interviens à partir d'un autre ordinateur dispo ce week-end, mais je ne sais pas comment je vais pouvoir réutiliser le mien et communiquer à nouveau avec vous. Assez catastrophé...

béotien46

béotien46 · le 20 mars 2011

pour préciser un peu : xp se charge, pas de souris (avec ou sans fil), pas de clavier non plus, aucun périphérique ne réagit, avast ne se charge pas, pas de connexion internet. le clavier peut être utilisé au lancement pour aller sur le bios ou choisir les modes de lancement (sans échec, invite commande,...)

beotien

pear · le 20 mars 2011

Avant tout, il vous faut une autre machine en état de marche disposant d'un graveur où vous insérez un disque vierge(cd ou dvd)

Sur la machine malade,vérifier l'ordre du boot dans le BIOS et mettre le lecteur cd(dvd) en premier(First boot)

Télécharger OTLPEStd.exe

Ou à partir de ce lien

sur le Bureau

Le fichier fait plus de 97MB, soyez donc patient pour le téléchargement.

Lancez le fichier OTLPEStd.exe ;

Un fichier .iso inclus dans le téléchargement sera gravé sur le disque vierge qui permettra d'avoir accès aux fichiers de la machine malade.

Insèrez le disque gravé sur la machine infectée et démarrez à partir de ce disque.

Si tout va bien, la machine démarrera sur l'environnement OTLPE

Lors du démarrage de OTLPE.exe il sera demandé à l'utilisateur s'il veut charger le Registre distant et il doit choisir Yes/Oui.

Ensuite, il lui sera demandé s'il veut charger les profils utilisateur distants, et il devra de nouveau choisir Yes/Oui.

Enfin, une liste des profils distants trouvés sera affichée, avec l'option par défaut de les charger tous, et l'utilisateur devra une fois encore choisir Yes/Oui.

S'il ne respecte pas cette procédure, il ne verra pas les comptes d'utilisateur distants.

Double-click sur l'icone OTLPE

A la demande "Do you wish to load the remote registry"->choisir Yes

et "Do you wish to load remote user profile(s) for scanning"->choisir Yes

vérifier que "Automatically Load All Remaining Users" est sélectionné et presser OK

L' écran d'OTLPE s'affiche:

Vérifier que les paramètres sont identiques à ceux de l'image ci-dessus.

sous Custom Scan/Fixes copier_coller le contenu ci dessous ,en vert :

netsvcs

drivers32

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

wininit.exe

taskmgr.exe

userinit.exe

csrss.exe

winlogon.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

cdrom.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

i8042prt.sys

imapi.sys

ipsec.sys

kbdclass.sys

kbdhid.sys

mouclass.syss

mrxsmb.sys

netbios.sys

netbt.sys

processr.sys

rasacd.sys

rdbss.sys

RDPCDD.sys s

redbook.sys

serial.sys

tcpip.sys

termdd.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

clic Run Scan .

le scan terminé , le fichier se trouve là C:\OTL.txt

Modifié le 20 mars 2011 par pear

béotien46 · le 20 mars 2011

opérations effectuées ; scan terminé ; quand j'essaie de fermer OTLPE, impossible ; si je relance le PC tjrs rien de changé.

Dans 1 h je n'aurais plus d'autre ordi pour communiquer avec vous.

Quelle suite à donner ?

Beotien

pear · le 20 mars 2011

Vous ne pouvez pas poster le rapport Otlpe ?

Sans lui , je ne peux rien faire .

Modifié le 20 mars 2011 par pear

béotien46 · le 20 mars 2011

OTL logfile created on: 3/20/2011 3:41:01 PM - Run

OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.2180)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 546.00 Mb Available Physical Memory | 71.00% Memory free

707.00 Mb Paging File | 587.00 Mb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files

Drive C: | 21.04 Gb Total Space | 10.08 Gb Free Space | 47.92% Space Free | Partition Type: NTFS

Drive D: | 128.01 Gb Total Space | 121.86 Gb Free Space | 95.20% Space Free | Partition Type: NTFS

Drive F: | 1.87 Gb Total Space | 1.76 Gb Free Space | 93.67% Space Free | Partition Type: FAT

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/01/24 09:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2011/01/10 10:24:20 | 000,993,848 | ---- | M] (Secunia) [Disabled] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)

SRV - [2011/01/10 10:24:20 | 000,399,416 | ---- | M] (Secunia) [Disabled] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2010/10/28 06:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/06/11 12:14:22 | 000,312,152 | ---- | M] (IObit) [Auto] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)

SRV - [2010/03/04 18:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [Auto] -- C:\WINDOWS2\System32\lxcrcoms.exe -- (lxcr_device)

SRV - [2005/11/13 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 15:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)

DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS2\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS2\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS2\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS2\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS2\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS2\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS2\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS2\system32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/08/24 13:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/08/24 13:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/08/24 13:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto] -- C:\WINDOWS2\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2010/08/09 07:00:30 | 000,006,080 | ---- | M] (TwinSSoft Co.) [Kernel | System] -- C:\WINDOWS2\system32\drivers\UNIDRV.SYS -- (Dev_UNIDRV)

DRV - [2010/05/01 08:05:04 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)

DRV - [2010/02/11 06:59:18 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS2\system32\drivers\videX32.sys -- (videX32)

DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS2\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/06/30 05:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINDOWS2\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2007/08/07 12:33:12 | 004,108,992 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/08/03 17:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/03 17:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS2\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2003/08/04 08:22:44 | 000,016,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS2\system32\PCANDIS5.SYS -- (PCANDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:

IE - HKU\.DEFAULT\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\claude.TITANIUMV2COMPU_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm

IE - HKU\claude.TITANIUMV2COMPU_ON_C\Software\Microsoft\Internet Explorer\Main,Start page = Google

IE - HKU\claude.TITANIUMV2COMPU_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\claude.TITANIUMV2COMPU_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\claude.TITANIUMV2COMPU_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\claude.TITANIUMV2COMPU_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService.AUTORITE_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\LocalService.AUTORITE_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:

IE - HKU\NetworkService.AUTORITE_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google

IE - HKU\NetworkService.AUTORITE_NT_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ecosia"

FF - prefs.js..browser.startup.homepage: "http://ecosia.org/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}:0.2.10

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8

FF - prefs.js..extensions.enabledItems: {BC0AE9E6-E549-4554-A222-EA083A894683}:1.0.0.47

FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908

FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8

FF - prefs.js..extensions.enabledItems: collector@broceliand.fr:5.2.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1

FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..extensions.enabledItems: john@velvetcache.org:1.3.3

FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0

FF - prefs.js..keyword.URL: "http://ecosia.org/lucky.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/03/02 14:00:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/16 12:27:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/16 08:39:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009/10/22 04:49:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011/03/16 08:39:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/05 07:35:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/03/16 08:39:42 | 000,000,000 | ---D | M]

[2009/12/18 08:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Extensions

[2009/12/18 08:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/03/19 04:13:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions

[2010/11/26 02:04:53 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}

[2010/01/27 10:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{35f30c40-35d4-11d9-8dbc-000c6e787ef7}

[2010/04/01 11:12:51 | 000,000,000 | ---D | M] (MyWords) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{3892FE4C-6DCB-4669-9D01-E23BB9FB61FB}

[2011/02/16 05:12:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/09/11 09:27:34 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2010/09/26 08:59:48 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

[2010/11/06 07:19:17 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2009/11/14 12:51:10 | 000,000,000 | ---D | M] (QuickUpload) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{BC0AE9E6-E549-4554-A222-EA083A894683}

[2011/01/27 04:08:28 | 000,000,000 | ---D | M] (Ecosia - The Green Search) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}

[2011/01/05 03:00:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/01/27 10:24:10 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}

[2010/11/12 11:00:55 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}

[2011/01/05 03:00:18 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\collector@broceliand.fr

[2011/02/25 08:23:43 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\DeviceDetection@logitech.com

[2011/03/13 10:44:21 | 000,000,000 | ---D | M] (Beef Taco (Targeted Advertising Cookie Opt-Out)) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\john@velvetcache.org

[2010/09/26 08:59:44 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\personas@christopher.beard

[2011/02/03 05:06:47 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\extensions\tabscope@xuldev.org

[2011/03/20 07:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Sunbird\Profiles\1a5b0q84.default\extensions

[2009/11/12 12:08:01 | 000,000,000 | ---D | M] (OxyBird) -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Sunbird\Profiles\1a5b0q84.default\extensions\{4014fd56-67cb-4dd9-8d89-1021a2d759d9}

[2010/09/24 09:29:15 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\searchplugins\bing.xml

[2009/01/19 04:20:28 | 000,010,952 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\searchplugins\gutenberg.xml

[2007/12/13 05:50:34 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\searchplugins\portail-lexical---cnrtl.xml

[2009/12/13 06:53:17 | 000,003,729 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mozilla\Firefox\Profiles\dyzmd3j5.default\searchplugins\Searcheo.xml

[2011/03/18 10:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/03 10:47:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/04 14:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/02/18 11:51:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/03/02 14:00:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2010/05/03 10:46:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/02/02 16:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/10/22 06:08:26 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/10/22 06:08:26 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/10/22 06:08:26 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/10/22 06:08:26 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/10/22 06:08:26 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/11/01 12:49:39 | 000,376,672 | R--- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.163ns.com

O1 - Hosts: 127.0.0.1 163ns.com

O1 - Hosts: 12985 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll ()

O3 - HKU\claude.TITANIUMV2COMPU_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.

O3 - HKU\claude.TITANIUMV2COMPU_ON_C\..\Toolbar\WebBrowser: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - No CLSID value found.

O3 - HKU\claude.TITANIUMV2COMPU_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [Dimension4] C:\Program Files\D4\D4.exe (Thinking Man Software)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS2\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)

O4 - HKU\LocalService.AUTORITE_NT_ON_C..\RunOnce: [tscuninstall] C:\WINDOWS2\system32\tscupgrd.exe (Microsoft Corporation)

O4 - HKU\NetworkService.AUTORITE_NT_ON_C..\RunOnce: [tscuninstall] C:\WINDOWS2\system32\tscupgrd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChooseProgramsPage = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChooseProgramsPage = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChooseProgramsPage = 1

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\claude.TITANIUMV2COMPU_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: New Application = C:\Program Files\Mozilla Sunbird\sunbird.exe (Mozilla)

O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChooseProgramsPage = 1

O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\LocalService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChooseProgramsPage = 1

O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0

O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1

O7 - HKU\NetworkService.AUTORITE_NT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS2\System32\GPhotos.scr (Google Inc.)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer.com/antivirus/Msie/bitdefender.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS2\System32\XPize_Logon.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS2\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - Unable to open key or key not present!

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS2\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS2\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS2\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS2\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS2\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS2\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS2\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS2\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 06:58:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Recent

[2011/03/18 05:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS2\BDOSCAN8

[2011/03/16 10:02:28 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS2\System32\drivers\pavboot.sys

[2011/03/02 14:00:20 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswSnx.sys

[2011/02/28 13:16:36 | 000,331,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\difxapi.dll

[2011/02/28 13:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\VIA

[2011/02/28 13:16:04 | 000,013,976 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS2\System32\drivers\videX32.sys

[2011/02/28 12:52:09 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS2\System32\drivers\LNonPnP.sys

[2011/02/28 12:51:51 | 000,010,448 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS2\System32\drivers\LBeepKE.sys

[2011/02/28 12:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Documents\LogiShrd

[2011/02/28 12:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Logitech

[2011/02/28 12:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Logitech

[2011/02/28 12:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Logishrd

[2011/02/28 12:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\ma-config.com

[2011/02/28 08:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/02/26 09:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\Logitech

[2011/02/25 09:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\mresreg

[2011/02/25 09:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\IN-MEDIAKG

[2011/02/25 09:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\IntelligentShutdown

[2011/02/25 09:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\mresreg

[2011/02/25 08:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Logishrd

[2011/02/20 12:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Google

[2011/02/20 11:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Google SketchUp 8

[2008/05/12 10:31:44 | 000,622,632 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autoruns.exe

[2008/05/09 07:56:16 | 000,520,232 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\autorunsc.exe

[2007/09/13 03:31:27 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrinpa.dll

[2007/09/13 03:31:27 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcriesc.dll

[2007/09/13 03:31:27 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS2\System32\LXCRhcp.dll

[2007/09/13 03:31:26 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrusb1.dll

[2007/09/13 03:31:25 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrserv.dll

[2007/09/13 03:31:25 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrpmui.dll

[2007/09/13 03:31:25 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrprox.dll

[2007/09/13 03:31:25 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrpplc.dll

[2007/09/13 03:31:24 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrlmpm.dll

[2007/09/13 03:31:23 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrih.exe

[2007/09/13 03:31:22 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrcoms.exe

[2007/09/13 03:31:22 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrcomm.dll

[2007/09/13 03:31:21 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS2\System32\lxcrcomc.dll

[1 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/20 15:09:02 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\NTUSER.DAT

[2011/03/20 09:29:55 | 000,000,314 | ---- | M] () -- C:\WINDOWS2\tasks\GlaryInitialize.job

[2011/03/20 09:29:43 | 000,001,050 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job

[2011/03/20 09:29:42 | 000,000,266 | ---- | M] () -- C:\WINDOWS2\tasks\RegistryBooster.job

[2011/03/20 09:29:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS2\tasks\SA.DAT

[2011/03/20 09:29:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS2\bootstat.dat

[2011/03/20 07:49:05 | 000,001,054 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job

[2011/03/20 06:58:22 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\ntuser.ini

[2011/03/19 06:36:52 | 001,437,696 | ---- | M] () -- C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT

[2011/03/19 06:36:52 | 001,433,600 | ---- | M] () -- C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT

[2011/03/19 06:33:46 | 000,554,464 | ---- | M] () -- C:\WINDOWS2\System32\perfh00C.dat

[2011/03/19 06:33:46 | 000,460,912 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat

[2011/03/19 06:33:46 | 000,101,922 | ---- | M] () -- C:\WINDOWS2\System32\perfc00C.dat

[2011/03/19 06:33:46 | 000,076,786 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat

[2011/03/19 06:33:45 | 001,211,268 | ---- | M] () -- C:\WINDOWS2\System32\PerfStringBackup.INI

[2011/03/19 04:18:01 | 007,278,796 | -H-- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\IconCache.db

[2011/03/18 14:52:13 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2011/03/16 07:22:29 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/03/16 03:37:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl

[2011/03/13 14:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Glary Utilities

[2011/03/13 09:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/03/08 11:52:44 | 000,016,871 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\.recently-used.xbel

[2011/03/06 17:41:05 | 000,000,386 | ---- | M] () -- C:\WINDOWS2\tasks\SmartDefrag.job

[2011/03/04 15:49:08 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS2\System32\drivers\LNonPnP.sys

[2011/03/02 14:00:20 | 000,003,121 | ---- | M] () -- C:\WINDOWS2\System32\CONFIG.NT

[2011/03/01 06:19:53 | 004,812,598 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Bureau\arbre_talmont.jpg

[2011/02/28 12:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Logitech

[2011/02/28 12:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\ma-config.com

[2011/02/27 07:08:19 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Démarrage

[2011/02/26 03:32:00 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Bureau\Affichage.lnk

[2011/02/24 09:01:12 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk

[2011/02/23 11:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS2\avastSS.scr

[2011/02/23 11:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\aswBoot.exe

[2011/02/23 10:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswSnx.sys

[2011/02/23 10:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswSP.sys

[2011/02/23 10:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswTdi.sys

[2011/02/23 10:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswmon2.sys

[2011/02/23 10:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswmon.sys

[2011/02/23 10:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswRdr.sys

[2011/02/23 10:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aavmker4.sys

[2011/02/23 10:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS2\System32\drivers\aswFsBlk.sys

[2011/02/20 12:26:32 | 002,073,025 | ---- | M] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Mes documents\EnregistrementAuto_Sans titre.skp

[2011/02/20 11:58:04 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Bureau\Google SketchUp 8.lnk

[2011/02/20 11:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\Google SketchUp 8

[1 C:\WINDOWS2\*.tmp files -> C:\WINDOWS2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/18 14:55:40 | 007,278,796 | -H-- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\IconCache.db

[2011/03/16 07:22:29 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2011/03/16 03:42:32 | 004,812,598 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Bureau\arbre_talmont.jpg

[2011/03/08 11:52:44 | 000,016,871 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\.recently-used.xbel

[2011/02/26 03:32:00 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Bureau\Affichage.lnk

[2011/02/20 12:08:59 | 002,073,025 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Mes documents\EnregistrementAuto_Sans titre.skp

[2011/02/20 11:58:04 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Bureau\Google SketchUp 8.lnk

[2010/11/16 14:01:00 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\setup_ldm.iss

[2010/11/01 10:14:54 | 000,520,192 | ---- | C] () -- C:\WINDOWS2\System32\ati2sgag.exe

[2010/10/31 14:50:13 | 000,007,168 | ---- | C] () -- C:\WINDOWS2\System32\drivers\StarOpen.sys

[2010/09/29 07:36:33 | 000,210,032 | ---- | C] () -- C:\WINDOWS2\System32\DBCLIENT.DLL

[2010/09/23 05:40:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\housecall.guid.cache

[2010/08/16 12:53:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\prvlcl.dat

[2010/08/12 04:31:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS2\nsreg.dat

[2010/08/11 14:09:33 | 000,724,992 | ---- | C] () -- C:\Program Files\redeye.exe

[2010/08/07 08:18:24 | 003,265,024 | ---- | C] () -- C:\WINDOWS2\es.exe

[2010/08/06 15:37:46 | 008,912,896 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\NTUSER.DAT

[2010/08/06 15:37:45 | 001,437,696 | ---- | C] () -- C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT

[2010/08/06 15:37:44 | 001,433,600 | ---- | C] () -- C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT

[2010/08/03 03:25:07 | 000,000,451 | ---- | C] () -- C:\Program Files\GParted-Live-Version

[2010/07/26 05:51:56 | 000,017,982 | ---- | C] () -- C:\Program Files\COPYING

[2009/07/07 08:54:20 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\CDRusersDB.v12

[2009/07/04 04:10:36 | 000,109,816 | ---- | C] () -- C:\Program Files\winletmin.exe

[2009/06/10 11:59:25 | 000,000,019 | ---- | C] () -- C:\WINDOWS2\compedia.ini

[2009/03/06 16:08:38 | 000,008,804 | ---- | C] () -- C:\WINDOWS2\Q-Dir.ini

[2008/11/07 06:38:47 | 000,277,432 | ---- | C] () -- C:\Program Files\ZHPDiag.exe

[2008/08/26 08:31:43 | 005,135,625 | ---- | C] () -- C:\Program Files\movie maker.zip

[2008/08/26 08:31:04 | 001,249,710 | ---- | C] () -- C:\Program Files\Internet Explorer.zip

[2008/06/06 08:49:11 | 000,015,397 | ---- | C] () -- C:\Program Files\settings.dat

[2008/06/01 07:41:13 | 005,529,600 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\NTUSER.DAT.rdtmp

[2008/06/01 07:41:12 | 001,437,696 | ---- | C] () -- C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT.rdtmp

[2008/05/29 15:53:22 | 000,000,335 | ---- | C] () -- C:\WINDOWS2\mozregistry.dat

[2008/05/26 16:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS2\System32\gthrctr.ini

[2008/05/26 16:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS2\System32\idxcntrs.ini

[2008/05/26 16:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS2\System32\gsrvctr.ini

[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS2\System32\structuredqueryschematrivial.bin

[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS2\System32\structuredqueryschema.bin

[2008/05/19 07:54:57 | 000,000,142 | ---- | C] () -- C:\WINDOWS2\wininit.ini

[2008/05/08 03:20:48 | 000,048,476 | ---- | C] () -- C:\Program Files\autoruns.chm

[2008/02/05 15:19:35 | 000,000,041 | ---- | C] () -- C:\WINDOWS2\iltwain.ini

[2007/11/10 05:55:35 | 000,000,261 | ---- | C] () -- C:\WINDOWS2\diapo.ini

[2007/11/10 05:55:34 | 000,002,192 | ---- | C] () -- C:\WINDOWS2\winbirds.ini

[2007/11/02 04:00:08 | 000,000,206 | ---- | C] () -- C:\WINDOWS2\System32\eadabee5_r.dll

[2007/10/18 15:44:12 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\QTSBandwidthCache

[2007/09/23 10:55:15 | 000,000,671 | ---- | C] () -- C:\WINDOWS2\mozver.dat

[2007/09/22 08:50:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS2\System32\coclassfast.dll

[2007/09/16 04:53:12 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/09/16 04:52:17 | 000,002,143 | ---- | C] () -- C:\WINDOWS2\cdplayer.ini

[2007/09/14 02:45:52 | 000,000,041 | ---- | C] () -- C:\WINDOWS2\System32\afbacea_s.dll

[2007/09/13 03:35:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS2\System32\lxcrvs.dll

[2007/09/13 03:35:27 | 000,344,064 | ---- | C] () -- C:\WINDOWS2\System32\lxcrcoin.dll

[2007/09/13 03:34:52 | 000,692,224 | ---- | C] () -- C:\WINDOWS2\System32\lxcrdrs.dll

[2007/09/13 03:34:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS2\System32\lxcrcaps.dll

[2007/09/13 03:34:51 | 000,061,440 | ---- | C] () -- C:\WINDOWS2\System32\lxcrcnv4.dll

[2007/09/13 03:34:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS2\System32\LXPRMON.DLL

[2007/09/13 03:34:19 | 000,032,768 | ---- | C] () -- C:\WINDOWS2\System32\LXPMONUI.DLL

[2007/09/13 03:31:28 | 000,274,432 | ---- | C] () -- C:\WINDOWS2\System32\LXCRinst.dll

[2007/09/12 12:31:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS2\System32\ChCfg.exe

[2007/09/12 09:06:08 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2007/09/12 05:43:25 | 000,000,192 | ---- | C] () -- C:\WINDOWS2\disneysy.ini

[2007/09/12 05:35:03 | 000,001,203 | ---- | C] () -- C:\WINDOWS2\disney.ini

[2007/09/11 16:45:34 | 000,000,388 | ---- | C] () -- C:\WINDOWS2\ODBC.INI

[2007/02/06 18:58:00 | 000,000,901 | ---- | C] () -- C:\WINDOWS2\xxclone.ini

[2006/05/24 20:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS2\bdoscandel.exe

[2006/04/28 16:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS2\System32\atiicdxx.dat

[2005/03/14 09:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS2\bdoscandellang.ini

[2005/03/01 16:20:31 | 000,253,440 | ---- | C] () -- C:\WINDOWS2\System32\compatUI.dll

[2004/12/16 22:00:42 | 001,211,268 | ---- | C] () -- C:\WINDOWS2\System32\PerfStringBackup.INI

[2004/12/16 22:00:40 | 000,004,249 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI

[2004/12/16 21:58:42 | 000,263,824 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT

[2004/12/16 21:24:47 | 000,000,284 | -HS- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\ntuser.ini

[2004/12/16 21:24:45 | 009,437,184 | ---- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\NTUSER.DAT.gbck

[2004/12/16 21:24:45 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\claude.TITANIUMV2COMPU\NTUSER.DAT.bak_jv16pt

[2004/12/16 21:23:07 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.ini

[2004/12/16 21:23:06 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT.gbck

[2004/12/16 21:22:57 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.ini

[2004/12/16 21:22:55 | 001,433,600 | ---- | C] () -- C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT.gbck

[2004/12/16 21:21:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS2\bootstat.dat

[2004/12/16 21:11:01 | 000,000,488 | RH-- | C] () -- C:\WINDOWS2\System32\logonui.exe.manifest

[2004/12/16 21:10:48 | 000,000,749 | RH-- | C] () -- C:\WINDOWS2\System32\cdplayer.exe.manifest

[2004/12/16 21:08:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS2\System32\safrcdlg.dll

[2004/12/16 21:07:35 | 000,021,892 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat

[2004/12/16 21:07:19 | 000,000,037 | ---- | C] () -- C:\WINDOWS2\vbaddin.ini

[2004/12/16 21:07:19 | 000,000,036 | ---- | C] () -- C:\WINDOWS2\vb.ini

[2004/12/16 21:06:24 | 000,027,768 | ---- | C] () -- C:\WINDOWS2\System32\tslabels.ini

[2004/12/16 21:06:23 | 000,003,914 | ---- | C] () -- C:\WINDOWS2\System32\msdtcprf.ini

[2004/08/19 10:23:26 | 000,001,788 | ---- | C] () -- C:\WINDOWS2\System32\Dcache.bin

[2004/08/19 10:09:40 | 000,270,848 | ---- | C] () -- C:\WINDOWS2\System32\sbe.dll

[2004/08/19 10:09:34 | 000,014,336 | ---- | C] () -- C:\WINDOWS2\System32\msdmo.dll

[2004/08/19 10:09:26 | 000,186,368 | ---- | C] () -- C:\WINDOWS2\System32\encdec.dll

[2004/08/19 10:09:20 | 000,070,656 | ---- | C] () -- C:\WINDOWS2\System32\amstream.dll

[2004/08/19 10:08:48 | 000,733,696 | ---- | C] () -- C:\WINDOWS2\System32\qedwipes.dll

[2004/08/03 16:51:28 | 000,054,080 | ---- | C] () -- C:\WINDOWS2\System32\dosx.exe

[2004/08/03 16:48:48 | 000,003,352 | ---- | C] () -- C:\WINDOWS2\System32\redir.exe

[2004/08/03 16:46:56 | 000,042,537 | ---- | C] () -- C:\WINDOWS2\System32\keyboard.sys

[2004/08/03 16:45:26 | 000,034,000 | ---- | C] () -- C:\WINDOWS2\System32\ntio.sys

[2004/08/03 16:45:16 | 000,035,424 | ---- | C] () -- C:\WINDOWS2\System32\ntio412.sys

[2004/08/03 16:45:16 | 000,034,560 | ---- | C] () -- C:\WINDOWS2\System32\ntio404.sys

[2004/08/03 16:45:14 | 000,034,560 | ---- | C] () -- C:\WINDOWS2\System32\ntio804.sys

[2004/08/03 16:45:12 | 000,035,648 | ---- | C] () -- C:\WINDOWS2\System32\ntio411.sys

[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS2\System32\secupd.dat

[2004/07/17 05:46:14 | 000,053,478 | ---- | C] () -- C:\WINDOWS2\System32\tcpmon.ini

[2004/07/17 05:34:48 | 000,355,112 | ---- | C] () -- C:\WINDOWS2\System32\msjetoledb40.dll

[2004/02/20 16:36:34 | 000,416,256 | ---- | C] () -- C:\WINDOWS2\exchndl.dll

[2001/08/28 10:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS2\System32\esentprf.ini

[2001/08/28 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS2\System32\mlang.dat

[2001/08/28 10:00:00 | 000,554,464 | ---- | C] () -- C:\WINDOWS2\System32\perfh00C.dat

[2001/08/28 10:00:00 | 000,460,912 | ---- | C] () -- C:\WINDOWS2\System32\perfh009.dat

[2001/08/28 10:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS2\System32\perfi00C.dat

[2001/08/28 10:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS2\System32\perfi009.dat

[2001/08/28 10:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS2\System32\dssec.dat

[2001/08/28 10:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS2\System32\ir32_32.dll

[2001/08/28 10:00:00 | 000,101,922 | ---- | C] () -- C:\WINDOWS2\System32\perfc00C.dat

[2001/08/28 10:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS2\System32\msencode.dll

[2001/08/28 10:00:00 | 000,076,786 | ---- | C] () -- C:\WINDOWS2\System32\perfc009.dat

[2001/08/28 10:00:00 | 000,071,102 | ---- | C] () -- C:\WINDOWS2\System32\edit.com

[2001/08/28 10:00:00 | 000,052,103 | ---- | C] () -- C:\WINDOWS2\System32\command.com

[2001/08/28 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS2\System32\mib.bin

[2001/08/28 10:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS2\System32\key01.sys

[2001/08/28 10:00:00 | 000,039,434 | ---- | C] () -- C:\WINDOWS2\System32\mem.exe

[2001/08/28 10:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS2\System32\perfd00C.dat

[2001/08/28 10:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS2\System32\ntdos411.sys

[2001/08/28 10:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS2\System32\ntdos412.sys

[2001/08/28 10:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS2\System32\ntdos804.sys

[2001/08/28 10:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS2\System32\ntdos404.sys

[2001/08/28 10:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS2\System32\perfd009.dat

[2001/08/28 10:00:00 | 000,027,916 | ---- | C] () -- C:\WINDOWS2\System32\ntdos.sys

[2001/08/28 10:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS2\System32\country.sys

[2001/08/28 10:00:00 | 000,021,162 | ---- | C] () -- C:\WINDOWS2\System32\debug.exe

[2001/08/28 10:00:00 | 000,020,727 | ---- | C] () -- C:\WINDOWS2\System32\mqperf.ini

[2001/08/28 10:00:00 | 000,019,902 | ---- | C] () -- C:\WINDOWS2\System32\graphics.com

[2001/08/28 10:00:00 | 000,015,937 | ---- | C] () -- C:\WINDOWS2\System32\rsvp.ini

[2001/08/28 10:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS2\System32\tsd32.dll

[2001/08/28 10:00:00 | 000,014,841 | ---- | C] () -- C:\WINDOWS2\System32\kb16.com

[2001/08/28 10:00:00 | 000,014,073 | ---- | C] () -- C:\WINDOWS2\System32\pschdprf.ini

[2001/08/28 10:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS2\System32\win87em.dll

[2001/08/28 10:00:00 | 000,013,010 | ---- | C] () -- C:\WINDOWS2\System32\edlin.exe

[2001/08/28 10:00:00 | 000,012,642 | ---- | C] () -- C:\WINDOWS2\System32\append.exe

[2001/08/28 10:00:00 | 000,012,067 | ---- | C] () -- C:\WINDOWS2\System32\setver.exe

[2001/08/28 10:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS2\System32\scriptpw.dll

[2001/08/28 10:00:00 | 000,009,037 | ---- | C] () -- C:\WINDOWS2\System32\ansi.sys

[2001/08/28 10:00:00 | 000,008,424 | ---- | C] () -- C:\WINDOWS2\System32\exe2bin.exe

[2001/08/28 10:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS2\System32\nlsfunc.exe

[2001/08/28 10:00:00 | 000,006,212 | ---- | C] () -- C:\WINDOWS2\System32\rasctrs.ini

[2001/08/28 10:00:00 | 000,004,912 | ---- | C] () -- C:\WINDOWS2\System32\himem.sys

[2001/08/28 10:00:00 | 000,003,258 | ---- | C] () -- C:\WINDOWS2\System32\nw16.exe

[2001/08/28 10:00:00 | 000,003,030 | ---- | C] () -- C:\WINDOWS2\System32\perfci.ini

[2001/08/28 10:00:00 | 000,002,994 | ---- | C] () -- C:\WINDOWS2\System32\perfwci.ini

[2001/08/28 10:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS2\System32\netware.drv

[2001/08/28 10:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS2\msdfmap.ini

[2001/08/28 10:00:00 | 000,001,293 | ---- | C] () -- C:\WINDOWS2\System32\perffilt.ini

[2001/08/28 10:00:00 | 000,001,187 | ---- | C] () -- C:\WINDOWS2\System32\loadfix.com

[2001/08/28 10:00:00 | 000,001,147 | ---- | C] () -- C:\WINDOWS2\System32\vwipxspx.exe

[2001/08/28 10:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS2\System32\share.exe

[2001/08/28 10:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS2\System32\fastopen.exe

[2001/08/28 10:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS2\System32\mscdexnt.exe

[2001/08/28 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS2\System32\noise.dat

[2001/08/28 10:00:00 | 000,000,499 | ---- | C] () -- C:\WINDOWS2\win.ini

[2001/08/28 10:00:00 | 000,000,363 | ---- | C] () -- C:\WINDOWS2\System32\prodspec.ini

[2001/08/28 10:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS2\system.ini

[2001/08/23 13:47:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS2\System32\dvdplay.exe

[2001/08/23 13:47:16 | 000,157,696 | ---- | C] () -- C:\WINDOWS2\System32\paqsp.dll

[2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS2\System32\oembios.bin

[2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS2\System32\oembios.dat

========== LOP Check ==========

[2009/09/05 11:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Spyware Terminator

[2007/11/23 14:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\AchrafCherti

[2010/12/26 13:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Audacity

[2010/10/27 08:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\AVG10

[2010/12/01 09:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Canneverbe Limited

[2010/10/12 06:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\CBS Interactive

[2010/11/07 08:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Dexpot

[2008/02/24 09:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\GlarySoft

[2011/03/08 11:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\gtk-2.0

[2009/12/13 06:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Icones

[2011/02/25 09:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\IN-MEDIAKG

[2009/10/13 12:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Inkscape

[2011/01/05 03:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\IObit

[2008/07/13 09:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\JAM Software

[2010/10/12 05:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\JLC's Software

[2010/08/09 09:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\KC Softwares

[2008/03/22 06:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\KeySafe

[2009/10/19 03:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Leadertech

[2010/03/07 16:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Livestation

[2010/03/07 16:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Mchid

[2011/02/25 09:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\mresreg

[2011/02/02 04:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\OpenOffice.org

[2011/02/06 07:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Opera

[2009/03/15 14:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Q-Dir

[2009/07/19 07:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\SumatraPDF

[2009/12/18 08:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Thunderbird

[2008/03/23 11:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Todae

[2010/05/31 04:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Tracker Software

[2010/07/23 03:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Uniblue

[2008/06/15 09:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Windows Desktop Search

[2008/07/19 06:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claude.TITANIUMV2COMPU\Application Data\Windows Search

[2010/05/23 04:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Softland

[2009/12/02 06:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Spyware Terminator

[2010/12/05 10:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\3DVIA

[2010/10/28 05:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Alwil Software

[2010/10/30 05:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\AVG10

[2010/10/26 10:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\avg9

[2010/12/01 09:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Canneverbe Limited

[2010/10/27 08:01:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Common Files

[2008/07/10 13:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Disk Cleaner

[2010/08/15 03:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\ElectricSheep

[2011/01/05 02:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\FreeApp

[2009/08/19 05:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\IObit

[2010/11/01 15:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\ma-config.com

[2010/10/27 07:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\MFAData

[2008/05/29 13:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Pinnacle

[2007/09/22 13:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Skyline

[2010/11/01 11:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP

[2011/01/08 04:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Tracker Software

[2011/01/05 03:27:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

[2011/03/20 09:29:55 | 000,000,314 | ---- | M] () -- C:\WINDOWS2\Tasks\GlaryInitialize.job

[2011/03/20 09:29:42 | 000,000,266 | ---- | M] () -- C:\WINDOWS2\Tasks\RegistryBooster.job

[2011/03/06 17:41:05 | 000,000,386 | ---- | M] () -- C:\WINDOWS2\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: AGP440.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 17:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\agp440.sys

< MD5 for: AHCIX86.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: AHCIX86S.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: ATAPI.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\atapi.sys

[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\drivers\atapi.sys

[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2009/12/22 14:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS2\system32\dllcache\cdrom.sys

[2009/12/22 14:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS2\system32\drivers\cdrom.sys

[2004/08/03 16:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\cdrom.sys

< MD5 for: CNGAUDIT.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: CSRSS.EXE >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:09:52 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6EDCA12F58A4513637AF2DEBB1629BC8 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\csrss.exe

[2004/08/19 10:09:52 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6EDCA12F58A4513637AF2DEBB1629BC8 -- C:\WINDOWS2\system32\csrss.exe

[2004/08/19 10:09:52 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=6EDCA12F58A4513637AF2DEBB1629BC8 -- C:\WINDOWS2\system32\dllcache\csrss.exe

< MD5 for: ENETHOOK.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: EVENTLOG.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\eventlog.dll

[2004/08/19 10:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS2\system32\dllcache\eventlog.dll

[2004/08/19 10:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS2\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2007/06/13 09:22:28 | 001,188,352 | ---- | M] (Microsoft Corporation) MD5=2D70EF2ADC4CA0C8CB1E40D150BE8B25 -- C:\WINDOWS2\explorer.exe

[2007/06/13 09:22:28 | 001,188,352 | ---- | M] (Microsoft Corporation) MD5=2D70EF2ADC4CA0C8CB1E40D150BE8B25 -- C:\WINDOWS2\system32\dllcache\explorer.exe

[2007/06/13 09:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS2\XPize\Backup\explorer.exe

< MD5 for: I8042PRT.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 09:56:40 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\i8042prt.sys

[2004/08/19 10:56:40 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS2\system32\dllcache\i8042prt.sys

[2004/08/19 10:56:40 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS2\system32\drivers\i8042prt.sys

[2004/08/19 09:56:40 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS2\system32\ReinstallBackups\0002\DriverFiles\i386\i8042prt.sys

[2004/08/19 09:56:40 | 000,054,400 | ---- | M] (Microsoft Corporation) MD5=D1EFCBD693B5BA21314D06368C471070 -- C:\WINDOWS2\system32\ReinstallBackups\0007\DriverFiles\i386\i8042prt.sys

< MD5 for: IASTOR.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: IASTORV.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: IDECHNDR.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: IMAPI.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 17:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\imapi.sys

[2004/08/03 17:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- C:\WINDOWS2\system32\dllcache\imapi.sys

[2004/08/03 17:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) MD5=F8AA320C6A0409C0380E5D8A99D76EC6 -- C:\WINDOWS2\system32\drivers\imapi.sys

< MD5 for: IPSEC.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 17:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\ipsec.sys

[2004/08/03 17:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS2\system32\dllcache\ipsec.sys

[2004/08/03 17:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS2\system32\drivers\ipsec.sys

< MD5 for: KBDCLASS.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\kbdclass.sys

[2004/08/19 11:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\dllcache\kbdclass.sys

[2004/08/19 11:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\drivers\kbdclass.sys

[2004/08/19 10:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\ReinstallBackups\0002\DriverFiles\i386\kbdclass.sys

[2004/08/19 10:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\ReinstallBackups\0003\DriverFiles\i386\kbdclass.sys

[2004/08/19 11:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\ReinstallBackups\0006\DriverFiles\i386\kbdclass.sys

[2004/08/19 10:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\ReinstallBackups\0007\DriverFiles\i386\kbdclass.sys

[2004/08/19 11:00:34 | 000,025,216 | ---- | M] (Microsoft Corporation) MD5=E798705E8DC7FAB596EF6BFDF167E007 -- C:\WINDOWS2\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys

< MD5 for: KBDHID.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:00:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=62DD5EEFCEC4EF4163F1168D4262A9E4 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\kbdhid.sys

[2004/08/19 11:00:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=62DD5EEFCEC4EF4163F1168D4262A9E4 -- C:\WINDOWS2\system32\dllcache\kbdhid.sys

[2004/08/19 11:00:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=62DD5EEFCEC4EF4163F1168D4262A9E4 -- C:\WINDOWS2\system32\drivers\kbdhid.sys

[2004/08/19 10:00:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=62DD5EEFCEC4EF4163F1168D4262A9E4 -- C:\WINDOWS2\system32\ReinstallBackups\0003\DriverFiles\i386\kbdhid.sys

[2004/08/19 11:00:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=62DD5EEFCEC4EF4163F1168D4262A9E4 -- C:\WINDOWS2\system32\ReinstallBackups\0006\DriverFiles\i386\kbdhid.sys

[2004/08/19 10:00:36 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=62DD5EEFCEC4EF4163F1168D4262A9E4 -- C:\WINDOWS2\system32\ReinstallBackups\0008\DriverFiles\i386\kbdhid.sys

< MD5 for: KR10N.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: LOGEVENT.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: MOUCLASS.SYSS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: MRXSMB.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 17:15:18 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\mrxsmb.sys

[2009/12/04 09:37:07 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=31422F271B5F3E257339541E76569A00 -- C:\WINDOWS2\$hf_mig$\KB978251\SP2QFE\mrxsmb.sys

[2010/02/24 08:48:23 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=3500E756812E716351F2D341AE1D5623 -- C:\WINDOWS2\$hf_mig$\KB980232\SP2QFE\mrxsmb.sys

[2009/12/04 14:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS2\$hf_mig$\KB978251\SP3GDR\mrxsmb.sys

[2009/12/04 13:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS2\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys

[2010/02/24 07:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS2\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys

[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS2\$hf_mig$\KB980232\SP3GDR\mrxsmb.sys

[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS2\Driver Cache\i386\mrxsmb.sys

[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS2\system32\dllcache\mrxsmb.sys

[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) MD5=FB6C89BB3CE282B08BDB1E3C179E1C39 -- C:\WINDOWS2\system32\drivers\mrxsmb.sys

< MD5 for: NETBIOS.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 17:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=3A2ACA8FC1D7786902CA434998D7CEB4 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netbios.sys

[2004/08/03 17:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=3A2ACA8FC1D7786902CA434998D7CEB4 -- C:\WINDOWS2\system32\dllcache\netbios.sys

[2004/08/03 17:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) MD5=3A2ACA8FC1D7786902CA434998D7CEB4 -- C:\WINDOWS2\system32\drivers\netbios.sys

< MD5 for: NETBT.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/03 17:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netbt.sys

[2004/08/03 17:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS2\system32\dllcache\netbt.sys

[2004/08/03 17:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS2\system32\drivers\netbt.sys

< MD5 for: NETLOGON.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\netlogon.dll

[2004/08/19 10:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS2\system32\dllcache\netlogon.dll

[2004/08/19 10:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS2\system32\netlogon.dll

[2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS2\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 14:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS2\$hf_mig$\KB975467\SP2QFE\netlogon.dll

< MD5 for: NTELOGON.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: NVATA.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: NVATABUS.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: NVGTS.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: NVSTOR.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: NVSTOR32.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: PROCESSR.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:20:54 | 000,039,552 | ---- | M] (Microsoft Corporation) MD5=F480712B761E538BC8E44EDE60F3A3C3 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\processr.sys

[2004/08/19 10:20:54 | 000,039,552 | ---- | M] (Microsoft Corporation) MD5=F480712B761E538BC8E44EDE60F3A3C3 -- C:\WINDOWS2\system32\drivers\processr.sys

< MD5 for: RASACD.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2001/08/28 10:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS2\system32\dllcache\rasacd.sys

[2001/08/28 10:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS2\system32\drivers\rasacd.sys

< MD5 for: RDBSS.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=03B965B1CA47F6EF60EB5E51CB50E0AF -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\rdbss.sys

[2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=03B965B1CA47F6EF60EB5E51CB50E0AF -- C:\WINDOWS2\system32\dllcache\rdbss.sys

[2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=03B965B1CA47F6EF60EB5E51CB50E0AF -- C:\WINDOWS2\system32\drivers\rdbss.sys

< MD5 for: RDPCDD.SYS S >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: REDBOOK.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 09:54:52 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\redbook.sys

[2004/08/19 09:54:52 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS2\system32\dllcache\redbook.sys

[2004/08/19 09:54:52 | 000,058,496 | ---- | M] (Microsoft Corporation) MD5=2CC30B68DD62B73D444A41322CD7FC4C -- C:\WINDOWS2\system32\drivers\redbook.sys

< MD5 for: SCECLI.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\scecli.dll

[2004/08/19 10:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS2\system32\dllcache\scecli.dll

[2004/08/19 10:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS2\system32\scecli.dll

< MD5 for: SCECLT.DLL >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: SERIAL.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 09:56:40 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=653201755CA96AB4AAA4131DAF6DA356 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\serial.sys

[2004/08/19 09:56:40 | 000,066,560 | ---- | M] (Microsoft Corporation) MD5=653201755CA96AB4AAA4131DAF6DA356 -- C:\WINDOWS2\system32\drivers\serial.sys

< MD5 for: TASKMGR.EXE >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:10:04 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=36AA4F510148FBE400CBA088310EF3C6 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\taskmgr.exe

[2004/08/19 10:10:04 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=36AA4F510148FBE400CBA088310EF3C6 -- C:\WINDOWS2\XPize\Backup\taskmgr.exe

[2004/08/19 10:10:04 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=DB2F0A99594A9836B765A841942FF922 -- C:\WINDOWS2\system32\dllcache\taskmgr.exe

[2004/08/19 10:10:04 | 000,185,344 | ---- | M] (Microsoft Corporation) MD5=DB2F0A99594A9836B765A841942FF922 -- C:\WINDOWS2\system32\taskmgr.exe

< MD5 for: TCPIP.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS2\system32\dllcache\tcpip.sys

[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS2\system32\drivers\tcpip.sys

< MD5 for: TERMDD.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 11:10:18 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\termdd.sys

[2004/08/19 11:10:18 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS2\system32\drivers\termdd.sys

< MD5 for: USERINIT.EXE >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\userinit.exe

[2004/08/19 10:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS2\system32\dllcache\userinit.exe

[2004/08/19 10:10:04 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS2\system32\userinit.exe

< MD5 for: VAXSCSI.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: VIAMRAID.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: VIASRAID.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: VIPRT.SYS >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: WININIT.EXE >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

< MD5 for: WINLOGON.EXE >

[2004/08/19 10:20:54 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab: Invalid or corrupt .cab file

[2004/08/19 10:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS2\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\backup\winlogon.exe

[2004/08/19 10:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS2\system32\dllcache\winlogon.exe

[2004/08/19 10:10:06 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=123EEA158F74D0F67A51DCDF065D1091 -- C:\WINDOWS2\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP:5C321E34

< End of report >

pear · le 20 mars 2011

Il y a eu une erreur de frappe.

Manquent ces 2 drivers.

Relancez Otlpe, svp

quand l' écran d'OTLPE s'affiche:

Vérifier que les paramètres sont identiques à ceux de l'image ci-dessus.

Dans Pesonnalisation (Custom Scans Fixes) copier_coller le contenu ci dessous:

/md5start

RDPCDD.sys

mouclass.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

Clic sur Analyse (Run Scan)

le scan terminé , le fichier se trouve là C:\OTL.txt

Comment poster les rapports

Vous copiez/collez tout ou partie des rapports dans un ou plusieurs messages.

pear · le 20 mars 2011

copier/coller tout le texte suivant (en vert) dans la fenêtre de Personnalisation Custom Scan/Fixes

:OTL

DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL)

DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

IE - HKU\claude.TITANIUMV2COMPU_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

2010/05/03 10:47:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/04 14:14:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKU\claude.TITANIUMV2COMPU_ON_C\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.

O3 - HKU\claude.TITANIUMV2COMPU_ON_C\..\Toolbar\WebBrowser: (no name) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - No CLSID value found.

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.inoculer....bitdefender.cab (Reg Error: Key error.)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

[2011/03/20 09:29:42 | 000,000,266 | ---- | M] () -- C:\WINDOWS2\tasks\RegistryBooster.job

:files

C:\Windows\System32\DRIVERS\cdrom.sys | C:\WINDOWS2\system32\dllcache\cdrom.sys /replace

C:\Windows\System32\DRIVERS\i8042prt.sys | C:\WINDOWS2\system32\drivers\i8042prt.sys /replace

C:\Windows\System32\DRIVERS\imapi.sys |C:\WINDOWS2\system32\drivers\imapi.sys /replace

C:\Windows\System32\DRIVERS\ipsec.sys |C:\WINDOWS2\system32\drivers\ipsec.sys /replace

C:\Windows\System32\DRIVERS\kbdclass.sys |C:\WINDOWS2\system32\drivers\kbdclass.sys /replace

C:\Windows\System32\DRIVERS\kbdhid.sys |C:\WINDOWS2\system32\drivers\kbdhid.sys /replace

C:\Windows\System32\DRIVERS\mouclass.sys |C:\WINDOWS2\system32\drivers\mouclass.sys /replace

C:\Windows\System32\DRIVERS\mrxsmb.sys |C:\WINDOWS2\system32\drivers\mrxsmb.sys /replace

C:\Windows\System32\DRIVERS\netbios.sys |C:\WINDOWS2\system32\drivers\netbios.sys /replace

C:\Windows\System32\DRIVERS\netbt.sys |C:\WINDOWS2\system32\drivers\netbt.sys /replace

C:\Windows\System32\DRIVERS\processr.sys |C:\WINDOWS2\system32\drivers\processr.sys /replace

C:\Windows\System32\DRIVERS\rasacd.sys |C:\WINDOWS2\system32\drivers\rasacd.sys /replace

C:\Windows\System32\DRIVERS\rdbss.sys |C:\WINDOWS2\system32\drivers\rdbss.sys /replace

C:\Windows\System32\DRIVERS\RDPCDD.sys |C:\WINDOWS2\system32\drivers\RDPCDD.sys /replace

C:\Windows\System32\DRIVERS\redbook.sys |C:\WINDOWS2\system32\drivers\redbook.sys /replace

C:\Windows\System32\DRIVERS\serial.sys |C:\WINDOWS2\system32\drivers\serial.sys /replace

C:\Windows\System32\DRIVERS\tcpip.sys |C:\WINDOWS2\system32\drivers\tcpip.sys /replace

C:\Windows\System32\DRIVERS\termdd.sys |C:\WINDOWS2\system32\drivers\termdd.sys /replace

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:commands

[PURITY]

[EMPTYTEMP]

[REBOOT]

Dans la fenêtre de l'outil OTLPE, cliquez sur [bRun Fix][/b] ;

Patientez juqu'à l'apparition du rapport

Faites un "Shutdown" de l'environnement OTLPE (via le bouton "Start" au bas à gauche) et redémarrez normalement la machine infectée après avoir retiré le CD OTLPE.

collez le rapport de OTLPE dans votre réponse

Modifié le 20 mars 2011 par pear

béotien46 · le 21 mars 2011

toutes les opérations ont été effectuées. C'est encore pire qu'avant : après le reboot, message sur XP : impossible trouver le fichier x:\programs\otple\otple.exe, pas de souris ni de clavier en fonction donc bloquage.

voici le dernier rapport otle :

OTL logfile created on: 3/21/2011 3:33:41 PM - Run

OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2900.2180)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767.00 Mb Total Physical Memory | 549.00 Mb Available Physical Memory | 72.00% Memory free

707.00 Mb Paging File | 588.00 Mb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files

Drive C: | 21.04 Gb Total Space | 10.08 Gb Free Space | 47.90% Space Free | Partition Type: NTFS

Drive D: | 128.01 Gb Total Space | 121.86 Gb Free Space | 95.20% Space Free | Partition Type: NTFS

Drive F: | 1.87 Gb Total Space | 1.76 Gb Free Space | 93.66% Space Free | Partition Type: FAT

Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days