[RESOLU]pub intempestives

[marsouin10_0]

re

le fait de passer à firefox supprimera cette cochonnerie?

il n'existe pas un logiciel pour supprimer ces pub?

je possede le cd sp3 serait il suceptible d'éradiquer ce probleme?

j ai vu sur ce site que pour un cas similaire on utilisait OTL et security check

ces logiciels ne s'appliquent pas à mon probleme?

Modifié le 26 avril 2011 par marsouin10_0

[pear]

Comme je vous l'ai dit , Firefox est plus sûr.

Adblock+ est un moyen de se protéger des pubs, mais cela peut être insuffisant.

Si c'est le cas, on avisera.

mais, si vous n'avez pas confiance , on peut très bien en rester là.

[marsouin10_0]

bonjour

ne vous vexez pas je pose juste une question.je ne connais pas firefox c est pour cela que j hesite à passer sur ce navigateur.

mais si il le faut j y passerai

merci encore

[pear]

Vous vous méprenez: je ne suis aucunement vexé.

C'est seulement que ma suggestion est un passage obligé si vous voulez qu'on avance.

Et le plus tôt sera le mieux.

 

Si cela peut vous rassurer, lancez dès maintenant Otl, l'autre n'est pas utile.

Télécharger OTL sur le bureau

Double cliquer sur l'icône

 

 

Vérifiez que toutes les autres fenêtres sont fermées afin qu'il s'exécute sans interruption.

Cochez]----------------->Tous les utilisateurs (scan all users)

Sous Rapport (output)

Cliquez ----------------------------->Rapport Standard (Standard Output)

Sous Régistre Standard(Standard Registry) cocher Tous(All)

Cochez------------------------------> Lop check et Purity check

 

Dans Pesonnalisation (Custom Scans Fixes) copier_coller le contenu ci dessous:

netsvcs

drivers32

SAVEMBR:0

%SYSTEMDRIVE%\*.exe

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%appdata% *.exe /s

/md5start

userinit.exe

wininit.exe

explorer.exe

csrss.exe

alg.exe

fxssvc.exe

lsass.exe

locator.exe

msdtc.exe

spoolsv.exe

snmptrap.exe

sppsvc.exe

UI0Detect.exe

vds.exe

vssvc.exe

WatAdminSvc.exe

wbengine.exe

WmiApSrv.exe

wmpnetwk.exe

ndis.sys

tcpip.sys

winlogon.exe

iesetup.dll

inseng.dll

mshtml.dll

pngfilt.dll

webcheck.dll

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

cdrom.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

 

Clic sur Analyse

une fois le scan terminé , les fichiers OTL.txt et Extras.txt vont s'ouvrir

 

Comment poster les rapports

Vous copiez/collez tout ou partie des rapports dans un ou plusieurs messages.

 

ou Aller sur le site :Ci-Joint

Appuyez sur Parcourir et chercher les rapports sur le disque,

Ensuite appuyez sur Créer le lien CJoint,

>> dans la page suivante --> ,,

une adresse http//.. sera créée

Copier /coller cette adresse dans votre prochain message.

[marsouin10_0]

voici les rapports:

 

 

OTL logfile created on: 26/04/2011 18:21:20 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS

 

Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

PRC - [2011/04/12 14:15:04 | 000,020,480 | RHS- | M] (Microsoft) -- C:\Program Files\Microsoft\sysNM.exe

PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

PRC - [2010/07/04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe

PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

PRC - [2006/02/07 10:07:02 | 000,200,704 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe

PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2003/08/29 15:20:02 | 000,077,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe

PRC - [2003/08/29 08:44:50 | 000,135,214 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVComS.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/07/04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll

MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/04/12 14:15:04 | 000,020,480 | RHS- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Microsoft\sysNM.exe -- (WinSysINM)

SRV - [2011/03/10 14:42:22 | 000,311,744 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)

SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)

SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/03/29 11:31:00 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/08/30 11:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)

DRV - [2009/12/25 12:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)

DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)

DRV - [2009/11/27 09:20:06 | 000,177,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG)

DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2003/08/29 08:43:48 | 000,334,096 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = Sign In

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Banque et Assurance LCL - Le Crédit Lyonnais Particuliers [binary data]

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Abonnement Adsl Haut débit avec Alice France. Page d'accueil du portail.

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/21 08:09:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/28 11:15:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/03/29 11:33:04 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [eCarteBleue-CLEO] C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe (Orbiscom Ltd. All rights reserved.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKU\S-1-5-21-602162358-1844823847-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-602162358-1844823847-839522115-1004..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab (Kaspersky License Finder)

O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab (KeybHunterWebInterface Class)

O16 - DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} http://www.super-messenger.fr/tab/HookWlmEx.exe (HookWlmEx Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282320427890 (MUWebControl Class)

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} file:///C:/Program%20Files/Formation%20interactive%20Microsoft/o10c/mitm0026.cab (Microsoft Office XP Professional Step by Step Interactive)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab ("Ma-Config.com control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/20 10:40:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

CREATERESTOREPOINT

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/04/26 18:16:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

[2011/04/25 13:12:57 | 012,660,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe

[2011/04/25 09:18:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/04/25 08:32:53 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/04/25 08:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/04/24 15:20:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2011/04/24 15:20:10 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2011/04/24 10:25:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent

[2011/04/22 17:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Mes documents\depannage zebulon

[2011/04/22 06:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java

[2011/04/22 06:16:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/04/21 18:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag

[2011/04/21 18:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

[2011/04/14 06:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011/04/14 06:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype

[2011/04/14 06:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype

[2011/04/11 10:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Unlocker

[2011/04/11 07:45:43 | 000,000,000 | ---D | C] -- C:\rsit

[2011/04/10 06:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com

[2011/04/06 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Outils d'administration

[2011/04/06 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Démarrage

[2011/04/06 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Coolscript2

[2011/04/06 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\CCleaner

[2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Radio Fr Solo 2.1

[2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer

[2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Accessoires

[2011/04/04 10:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis

[2011/03/29 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2011/03/29 11:31:00 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/04/26 18:21:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

[2011/04/26 18:12:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2011/04/26 18:11:09 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/26 18:11:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/26 09:26:10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2011/04/26 09:03:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\BELOTEXP.INI

[2011/04/26 07:29:47 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Ludi.lnk

[2011/04/25 13:12:57 | 012,660,544 | ---- | M] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe

[2011/04/25 08:33:01 | 000,000,332 | RHS- | M] () -- C:\boot.ini

[2011/04/22 08:36:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Skype.lnk

[2011/04/22 06:15:41 | 000,552,342 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2011/04/22 06:15:40 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/22 06:15:40 | 000,094,042 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2011/04/22 06:15:40 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/21 17:09:25 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/04/20 10:29:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk

[2011/04/17 18:54:08 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Page d'authentification - Caisse d'Epargne.url

[2011/04/17 09:15:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/15 06:28:55 | 002,036,736 | ---- | M] () -- C:\Documents and Settings\Robert\Mes documents\Homme-parfait.pps

[2011/04/14 06:56:23 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Microsoft PowerPoint.lnk

[2011/04/14 06:55:44 | 000,001,208 | ---- | M] () -- C:\WINDOWS\Radio_Fr.ini

[2011/04/13 07:08:12 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/07 07:09:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2011/04/05 06:31:37 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011/04/05 06:31:37 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2011/03/29 11:31:00 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/04/26 18:21:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/04/25 08:33:01 | 000,000,216 | ---- | C] () -- C:\Boot.bak

[2011/04/25 08:32:56 | 000,263,488 | RHS- | C] () -- C:\cmldr

[2011/04/21 17:09:25 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2011/04/20 10:29:06 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk

[2011/04/15 06:28:53 | 002,036,736 | ---- | C] () -- C:\Documents and Settings\Robert\Mes documents\Homme-parfait.pps

[2011/04/14 06:30:46 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Robert\Bureau\Skype.lnk

[2011/03/29 11:34:45 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011/03/29 11:34:45 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2011/01/28 12:44:12 | 000,172,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2010/12/26 11:58:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2010/12/25 10:51:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/10/12 16:54:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/10/07 08:11:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI

[2010/08/21 11:15:49 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BELOTEXP.INI

[2010/08/21 10:53:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE

[2010/08/21 08:35:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/21 08:03:12 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat

[2010/08/20 17:52:07 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini

[2010/08/20 17:05:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2010/08/20 16:46:26 | 000,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/08/20 12:30:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/08/20 12:29:09 | 000,161,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/20 11:58:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/20 11:06:09 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2010/08/20 11:01:33 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[2010/08/20 10:42:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/08/20 10:38:31 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[2007/03/09 16:27:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/05 14:00:00 | 000,552,342 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2004/08/05 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/05 14:00:00 | 000,094,042 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2004/08/05 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/05 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1998/10/27 00:00:00 | 001,691,408 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL

[1998/10/27 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1998/10/27 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL

[1998/10/27 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 

========== LOP Check ==========

 

[2010/08/20 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/08/20 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/04/10 06:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/08/20 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/08/20 14:45:33 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\Application Data

[2010/08/20 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Bureau

[2011/02/10 07:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Canon

[2010/08/20 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Contacts

[2010/08/20 14:45:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Favoris

[2010/08/20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FotoWire

[2010/08/20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GlarySoft

[2010/12/04 09:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\gtk-2.0

[2010/08/20 14:48:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Local Settings

[2010/08/20 14:48:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Menu Démarrer

[2010/08/20 14:48:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Mes documents

[2010/08/20 14:59:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Modèles

[2011/01/08 09:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\moovida-1

[2010/08/22 08:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\OpenOffice.org

[2010/08/20 14:59:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\Recent

[2010/08/20 14:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ScanSoft

[2010/08/20 14:59:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\SendTo

[2010/10/24 08:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SoftGrid Client

[2010/08/20 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Todae

[2010/12/10 11:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Tracing

[2010/08/20 14:59:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Voisinage d'impression

[2010/08/20 14:59:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Voisinage réseau

[2011/04/26 18:12:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %ALLUSERSPROFILE%\Application Data\*. >

[2011/03/21 07:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/08/20 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/08/20 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/08/20 17:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2011/04/26 18:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2011/03/29 11:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2011/04/10 06:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/10/10 11:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/02/16 07:36:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010/10/07 06:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2011/01/08 10:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/08/20 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2011/04/14 06:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2011/04/20 06:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2010/08/22 08:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/08/20 11:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2008/11/11 19:32:32 | 000,079,184 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe

[2009/11/14 15:26:08 | 000,064,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\French\setup.exe

[2010/10/01 21:02:22 | 000,648,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\French\autorun.exe

[2010/10/01 21:02:20 | 000,064,120 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\French\setup.exe

 

< %appdata% *.exe /s >

 

 

< MD5 for: AGP440.SYS >

[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ALG.EXE >

[2004/08/05 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=2FE681D10C5FC343DBBC0610B8DD4D24 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe

[2008/04/14 04:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe

[2008/04/14 04:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe

 

< MD5 for: ATAPI.SYS >

[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

 

< MD5 for: CDROM.SYS >

[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[2004/08/05 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

 

< MD5 for: CSRSS.EXE >

[2004/08/05 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=78C1F1278CF2C9B476504C572CB98E5E -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

[2008/04/14 04:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe

[2008/04/14 04:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\system32\csrss.exe

 

< MD5 for: EVENTLOG.DLL >

[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2004/08/05 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

< MD5 for: FXSSVC.EXE >

[2008/04/14 04:34:05 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=305687EB8C8E0A12A0B2BAE387B6E466 -- C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe

[2004/08/05 14:00:00 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=312AD40E462BD61763B1166D6D8C1642 -- C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe

 

< MD5 for: IESETUP.DLL >

[2009/03/08 04:32:50 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=1B6FF5B9A21DE2E89BB014932A414E7E -- C:\WINDOWS\system32\dllcache\iesetup.dll

[2009/03/08 04:32:50 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=1B6FF5B9A21DE2E89BB014932A414E7E -- C:\WINDOWS\system32\iesetup.dll

[2008/04/14 04:33:26 | 000,063,488 | ---- | M] (Microsoft Corporation) MD5=61BF4A6E843A4FE8CE54448420B017D4 -- C:\WINDOWS\ServicePackFiles\i386\iesetup.dll

[2004/08/05 14:00:00 | 000,063,488 | ---- | M] (Microsoft Corporation) MD5=ED2C35BB6489A71DEAB88E8AA12DC951 -- C:\WINDOWS\ie8\iesetup.dll

 

< MD5 for: INSENG.DLL >

[2010/04/16 17:21:22 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=2EBE30F9A0B657A6C4D8F19D63522246 -- C:\WINDOWS\$hf_mig$\KB982381\SP2QFE\inseng.dll

[2004/08/05 14:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=3F2AC9F8FFF0A4DD2868B57AF2937E1D -- C:\WINDOWS\$NtUninstallKB982381$\inseng.dll

[2008/04/14 04:33:27 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=46FFA5E6526403C1882843705BEA627C -- C:\WINDOWS\ServicePackFiles\i386\inseng.dll

[2010/04/16 17:36:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=89986430979BA0BB2621E0BAB6AAAB7A -- C:\WINDOWS\ie8\inseng.dll

[2009/03/08 04:32:46 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=8FAAFF28147935E5847F980607965FFE -- C:\WINDOWS\system32\dllcache\inseng.dll

[2009/03/08 04:32:46 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=8FAAFF28147935E5847F980607965FFE -- C:\WINDOWS\system32\inseng.dll

 

< MD5 for: LOCATOR.EXE >

[2008/04/14 04:34:09 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=499C59A2584F6D4EA41E944DA571D993 -- C:\WINDOWS\ServicePackFiles\i386\locator.exe

[2008/04/14 04:34:09 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=499C59A2584F6D4EA41E944DA571D993 -- C:\WINDOWS\system32\locator.exe

[2004/08/05 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=57CF313EB5CB2C9A0B3FF67437BECDFA -- C:\WINDOWS\$NtServicePackUninstall$\locator.exe

 

< MD5 for: LSASS.EXE >

[2008/04/14 04:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\ERDNT\cache\lsass.exe

[2008/04/14 04:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe

[2008/04/14 04:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\system32\lsass.exe

[2004/08/05 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=9F3744A5C6F49291A7A685040A013399 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

 

< MD5 for: MSDTC.EXE >

[2004/08/05 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=680639B08040CEC24B8BD873B1F02F51 -- C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe

[2008/04/14 04:34:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=8648D670AE0D95C95E7BBB5B80661796 -- C:\WINDOWS\ServicePackFiles\i386\msdtc.exe

[2008/04/14 04:34:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=8648D670AE0D95C95E7BBB5B80661796 -- C:\WINDOWS\system32\msdtc.exe

 

< MD5 for: MSHTML.DLL >

[2010/11/06 02:25:05 | 005,960,704 | ---- | M] (Microsoft Corporation) MD5=04210EEC4675E1304C0F9BDCE7A6735F -- C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll

[2010/09/10 07:50:17 | 005,957,120 | ---- | M] (Microsoft Corporation) MD5=07F85C15C4C0950DB8B5D4509D38182D -- C:\WINDOWS\ie8updates\KB2416400-IE8\mshtml.dll

[2004/08/05 14:00:00 | 003,003,392 | ---- | M] (Microsoft Corporation) MD5=3FE8D0C4C2F3B928192BD06DCEE34B32 -- C:\WINDOWS\$NtUninstallKB982381$\mshtml.dll

[2010/12/21 01:53:04 | 005,961,216 | ---- | M] (Microsoft Corporation) MD5=57840C53F8FA1928AD7A02A61C990401 -- C:\WINDOWS\ie8updates\KB2497640-IE8\mshtml.dll

[2010/05/06 12:33:42 | 005,950,976 | ---- | M] (Microsoft Corporation) MD5=58AF16DE738F10213E86FEF10836D0E5 -- C:\WINDOWS\ie8updates\KB2183461-IE8\mshtml.dll

[2010/05/06 12:33:42 | 005,950,976 | ---- | M] (Microsoft Corporation) MD5=58AF16DE738F10213E86FEF10836D0E5 -- C:\WINDOWS\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3GDR\mshtml.dll

[2010/04/16 18:07:56 | 003,094,016 | ---- | M] (Microsoft Corporation) MD5=5E2FF63E99CE871151A218DE09FC954F -- C:\WINDOWS\$hf_mig$\KB982381\SP3GDR\mshtml.dll

[2010/12/21 01:52:00 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=6CEA3DF10D6B27C2A98EBDD4DDBE7646 -- C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll

[2010/05/06 12:27:40 | 005,953,024 | ---- | M] (Microsoft Corporation) MD5=705DA0AFB48A9333747475AD5600A902 -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll

[2010/05/06 12:27:40 | 005,953,024 | ---- | M] (Microsoft Corporation) MD5=705DA0AFB48A9333747475AD5600A902 -- C:\WINDOWS\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3QFE\mshtml.dll

[2010/11/06 02:21:44 | 005,959,168 | ---- | M] (Microsoft Corporation) MD5=77EF4923A564EE6415A0204B299C91C2 -- C:\WINDOWS\ie8updates\KB2482017-IE8\mshtml.dll

[2010/06/24 14:28:32 | 005,954,560 | ---- | M] (Microsoft Corporation) MD5=7B63F9D998AF9FB1E147A71871773F9C -- C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll

[2011/02/23 01:25:23 | 005,964,800 | ---- | M] (Microsoft Corporation) MD5=87AD8BE7B6A2AA21BD05BAEEC42ADE1C -- C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll

[2010/04/16 17:36:38 | 003,086,336 | ---- | M] (Microsoft Corporation) MD5=89B865375750836754A2503F584760A4 -- C:\WINDOWS\ie8\mshtml.dll

[2011/02/23 01:05:47 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=8B82D452F8BFCDC50D1C003957EB4C24 -- C:\WINDOWS\ERDNT\cache\mshtml.dll

[2011/02/23 01:05:47 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=8B82D452F8BFCDC50D1C003957EB4C24 -- C:\WINDOWS\system32\dllcache\mshtml.dll

[2011/02/23 01:05:47 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=8B82D452F8BFCDC50D1C003957EB4C24 -- C:\WINDOWS\system32\mshtml.dll

[2010/04/16 17:21:25 | 003,094,016 | ---- | M] (Microsoft Corporation) MD5=BC72656B05A1DAE44C5B37709A19A575 -- C:\WINDOWS\$hf_mig$\KB982381\SP2QFE\mshtml.dll

[2008/04/14 04:33:31 | 003,066,880 | ---- | M] (Microsoft Corporation) MD5=C4153F037157C7BE7C54FD88887F027D -- C:\WINDOWS\ServicePackFiles\i386\mshtml.dll

[2010/06/24 14:25:23 | 005,951,488 | ---- | M] (Microsoft Corporation) MD5=D1829B36DF1006D2B0954910A757AF84 -- C:\WINDOWS\ie8updates\KB2360131-IE8\mshtml.dll

[2009/03/08 04:41:16 | 005,937,152 | ---- | M] (Microsoft Corporation) MD5=D469A0EBA2EF5C6BEE8065B7E3196E5E -- C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll

[2010/04/16 18:00:50 | 003,094,528 | ---- | M] (Microsoft Corporation) MD5=E393E03FEDA7DD46EC8351195CB1E8CD -- C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\mshtml.dll

[2010/09/10 07:47:25 | 005,958,656 | ---- | M] (Microsoft Corporation) MD5=E97A32E6341D4ED609514D59EB5D0E3D -- C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll

 

< MD5 for: NDIS.SYS >

[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys

[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2004/08/05 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: NVGTS.SYS >

[2009/06/30 17:31:18 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=17F915C35450783A446E70693AFA749B -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sataraid\nvgts.sys

[2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=619D8943725402D1179941FD58574CC8 -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sata_ide\nvgts.sys

 

< MD5 for: PNGFILT.DLL >

[2010/04/16 17:36:38 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=0CC738DBAFE72D93AE04A353AC37475F -- C:\WINDOWS\ie8\pngfilt.dll

[2004/08/05 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=218E0899E40D1ECD6A6E5B6D33805160 -- C:\WINDOWS\$NtUninstallKB982381$\pngfilt.dll

[2008/04/14 04:33:38 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=881267FB3006D2519BA122A370D118DA -- C:\WINDOWS\ServicePackFiles\i386\pngfilt.dll

[2009/03/08 04:31:36 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=E5FA1B044DAC5F6F600A1742D73F6936 -- C:\WINDOWS\system32\dllcache\pngfilt.dll

[2009/03/08 04:31:36 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=E5FA1B044DAC5F6F600A1742D73F6936 -- C:\WINDOWS\system32\pngfilt.dll

[2010/04/16 17:21:26 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=E91CCDE0C6FE99E89FFDDB848DD49F19 -- C:\WINDOWS\$hf_mig$\KB982381\SP2QFE\pngfilt.dll

 

< MD5 for: SCECLI.DLL >

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 

< MD5 for: SNMPTRAP.EXE >

[2004/08/05 14:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4D5B5F0A63F52618E985E3C07BC783C1 -- C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe

[2008/04/14 04:34:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=522BE2694B8E3B2300B335575DDDA50E -- C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe

 

< MD5 for: SPOOLSV.EXE >

[2010/08/17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[2008/04/14 04:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe

[2008/04/14 04:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe

[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe

[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe

[2004/08/05 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=B4EF928E4FAD79364A80ACBA6D999934 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

 

< MD5 for: TCPIP.SYS >

[2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

[2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

[2004/08/05 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys

[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

 

< MD5 for: USERINIT.EXE >

[2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: VSSVC.EXE >

[2004/08/05 14:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=0F5B203240184D34852936696DF3E91D -- C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe

[2008/04/14 04:34:26 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=5A4DA252B2C0550AB83D129C02CF6C19 -- C:\WINDOWS\ServicePackFiles\i386\vssvc.exe

[2008/04/14 04:34:26 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=5A4DA252B2C0550AB83D129C02CF6C19 -- C:\WINDOWS\system32\vssvc.exe

 

< MD5 for: WEBCHECK.DLL >

[2004/08/05 14:00:00 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=85F7D0705A6781F9B07D6AA6341EBE75 -- C:\WINDOWS\ie8\webcheck.dll

[2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) MD5=CC8915DB4E33E8FB29CA0D2DBF75306E -- C:\WINDOWS\system32\dllcache\webcheck.dll

[2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) MD5=CC8915DB4E33E8FB29CA0D2DBF75306E -- C:\WINDOWS\system32\webcheck.dll

[2008/04/14 04:33:48 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=D38149872202B39139740319AAE84D30 -- C:\WINDOWS\ServicePackFiles\i386\webcheck.dll

 

< MD5 for: WINLOGON.EXE >

[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

 

< MD5 for: WMIAPSRV.EXE >

[2008/04/14 04:34:28 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=4E8E8A58F56B25D0795F484E5EB7F898 -- C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe

[2008/04/14 04:34:28 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=4E8E8A58F56B25D0795F484E5EB7F898 -- C:\WINDOWS\system32\wbem\wmiapsrv.exe

[2004/08/05 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=77945EA0BFDD662203F07FE5513A409D -- C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe

 

< MD5 for: WMPNETWK.EXE >

[2006/11/03 09:59:14 | 000,918,016 | ---- | M] (Microsoft Corporation) MD5=C9BEA742CE225CC993C9465FDDAE4656 -- C:\Program Files\Windows Media Player\wmpnetwk.exe

 

< %systemroot%\*. /mp /s >

 

< >

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Robert\Bureau\Robert.exe:Updt_SummaryInformation

 

< End of report >

 

 

 

 

vlici le second rapport

 

 

OTL Extras logfile created on: 26/04/2011 18:21:20 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS

 

Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Coolscript2\cool script.exe" = C:\Program Files\Coolscript2\cool script.exe:*:Enabled:Cool -- (Cool Co. Ltd.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0810B8B7-7539-41D3-983E-6127FCF1CC9E}" = Ma-Config.com

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D6B54EF-65E4-4624-8709-03A3BBE2C240}" = e-Carte Bleue LCL

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage

"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9FD78518-7CBD-4071-8BE2-DDCA898890E0}" = network module

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A46C3CC2-B6F2-492D-83BF-52EB320307CC}" = Microsoft Office XP - Autoformation Interactive

"{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam

"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.6 - Français

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr

"CCleaner" = CCleaner

"Coolscript2" = CoolScript2(remove)

"Defraggler" = Defraggler

"e-Carte Bleue VISA Cléo" = e-Carte Bleue VISA Cléo

"Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series

"Glary Utilities_is1" = Glary Utilities 2.33.0.1158

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE

"Logitech Print Service" = Logitech Print Service

"Ludi" = Ludi

"Ludiclub.com" = Ludiclub.com

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"mIRC" = mIRC

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PhotoFiltre" = PhotoFiltre

"PowerpointImageExtractor_is1" = PowerpointImageExtractor

"PPTView97" = Microsoft PowerPoint Viewer 97

"QcDrv" = Programme de gestion Camera de Logitech®

"Radio_Fr" = Radio Fr Solo 2.1

"Unlocker" = Unlocker 1.9.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.10

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Zeb Help Process_is1" = ZebHelpProcess 2.46

"ZHPDiag_is1" = ZHPDiag 1.27

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ System Events ]

Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Service de gestion du système CryproStorage.

 

Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7000

Description = Le service Service de gestion du système CryproStorage n'a pas pu

démarrer en raison de l'erreur : %%1053

 

Error - 27/03/2011 08:44:32 | Computer Name = MERIGLIE-8B4AA0 | Source = System Error | ID = 1003

Description = Code erreur 1000007e, paramètre 1 c0000005, paramètre 2 a64e912c,

paramètre 3 a5e8ab10, paramètre 4 a5e8a80c.

 

Error - 16/03/2011 13:29:04 | Computer Name = MERIGLIE-8B4AA0 | Source = W32Time | ID = 39452706

Description = Le service de temps a détecté que l'heure système doit être modifiée

de +2674802 secondes. Le service de temps ne va pas modifier l'heure système de plus

de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects

et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123)

fonctionne correctement.

 

Error - 25/04/2011 03:03:01 | Computer Name = MERIGLIE-8B4AA0 | Source = PlugPlayManager | ID = 11

Description = Le périphérique Root\LEGACY_UNLOCKERDRIVER5\0000 a disparu du système

sans que sa suppression ait tout d'abord été préparée.

 

Error - 25/04/2011 23:20:05 | Computer Name = MERIGLIE-8B4AA0 | Source = Dhcp | ID = 1002

Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse

réseau est 406186C33FAB a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a

envoyé un message DHCPNACK).

 

Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = SRService | ID = 104

Description = Le processus d'initialisation de la restauration du système a échoué.

 

Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7023

Description = Le service Service de restauration système s'est arrêté avec l'erreur :

%%2

 

 

< End of report >

[marsouin10_0]

voici les rapports:

 

 

OTL logfile created on: 26/04/2011 18:21:20 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS

 

Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

PRC - [2011/04/12 14:15:04 | 000,020,480 | RHS- | M] (Microsoft) -- C:\Program Files\Microsoft\sysNM.exe

PRC - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

PRC - [2010/07/04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe

PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

PRC - [2006/02/07 10:07:02 | 000,200,704 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe

PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2003/08/29 15:20:02 | 000,077,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe

PRC - [2003/08/29 08:44:50 | 000,135,214 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVComS.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/07/04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll

MOD - [2007/02/05 09:29:04 | 000,139,264 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/04/12 14:15:04 | 000,020,480 | RHS- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Microsoft\sysNM.exe -- (WinSysINM)

SRV - [2011/03/10 14:42:22 | 000,311,744 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV - [2010/10/01 22:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)

SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)

SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/03/29 11:31:00 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2010/08/30 11:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)

DRV - [2009/12/25 12:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)

DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)

DRV - [2009/11/27 09:20:06 | 000,177,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\klbg.sys -- (KLBG)

DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)

DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)

DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)

DRV - [2003/08/29 08:43:48 | 000,334,096 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = Sign In

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Banque et Assurance LCL - Le Crédit Lyonnais Particuliers [binary data]

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Abonnement Adsl Haut débit avec Alice France. Page d'accueil du portail.

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-602162358-1844823847-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/08/21 08:09:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/08/28 11:15:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/03/29 11:33:04 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ECarteBleueBrowserHelper Class) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (Orbiscom Ltd. All rights reserved.)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\..\Toolbar\WebBrowser: (&Liens) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [eCarteBleue-CLEO] C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe (Orbiscom Ltd. All rights reserved.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()

O4 - HKU\S-1-5-21-602162358-1844823847-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-602162358-1844823847-839522115-1004..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Mon Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} http://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab (Kaspersky License Finder)

O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab (KeybHunterWebInterface Class)

O16 - DPF: {50DC58D0-C870-4BE6-BC41-971ED2D5F022} http://www.super-messenger.fr/tab/HookWlmEx.exe (HookWlmEx Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282320427890 (MUWebControl Class)

O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} file:///C:/Program%20Files/Formation%20interactive%20Microsoft/o10c/mitm0026.cab (Microsoft Office XP Professional Step by Step Interactive)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_1_0.cab ("Ma-Config.com control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/20 10:40:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.enc - C:\WINDOWS\System32\ITIG726.acm (Ingenient Technologies, Inc.)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

CREATERESTOREPOINT

Error starting restore point: System Restore is disabled.

Error closing restore point: System Restore is disabled.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/04/26 18:16:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

[2011/04/25 13:12:57 | 012,660,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe

[2011/04/25 09:18:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/04/25 08:32:53 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/04/25 08:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/04/24 15:20:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2011/04/24 15:20:10 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2011/04/24 10:25:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Robert\Recent

[2011/04/22 17:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Mes documents\depannage zebulon

[2011/04/22 06:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Java

[2011/04/22 06:16:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/04/22 06:16:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/04/21 18:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag

[2011/04/21 18:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

[2011/04/14 06:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2011/04/14 06:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype

[2011/04/14 06:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype

[2011/04/11 10:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Unlocker

[2011/04/11 07:45:43 | 000,000,000 | ---D | C] -- C:\rsit

[2011/04/10 06:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com

[2011/04/06 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Outils d'administration

[2011/04/06 12:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Démarrage

[2011/04/06 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Coolscript2

[2011/04/06 12:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\CCleaner

[2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Radio Fr Solo 2.1

[2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer

[2011/04/06 12:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert\Menu Démarrer\Programmes\Accessoires

[2011/04/04 10:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis

[2011/03/29 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab

[2011/03/29 11:31:00 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/04/26 18:21:49 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011/04/26 18:16:11 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert\Bureau\OTL.scr

[2011/04/26 18:12:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2011/04/26 18:11:09 | 2137,247,744 | -HS- | M] () -- C:\hiberfil.sys

[2011/04/26 18:11:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/04/26 09:26:10 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET

[2011/04/26 09:03:41 | 000,000,039 | ---- | M] () -- C:\WINDOWS\BELOTEXP.INI

[2011/04/26 07:29:47 | 000,001,006 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Ludi.lnk

[2011/04/25 13:12:57 | 012,660,544 | ---- | M] (Mozilla) -- C:\Documents and Settings\Robert\Bureau\Firefox Setup 4.0.exe

[2011/04/25 08:33:01 | 000,000,332 | RHS- | M] () -- C:\boot.ini

[2011/04/22 08:36:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Skype.lnk

[2011/04/22 06:15:41 | 000,552,342 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat

[2011/04/22 06:15:40 | 000,481,136 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/04/22 06:15:40 | 000,094,042 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat

[2011/04/22 06:15:40 | 000,079,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/04/21 17:09:25 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin

[2011/04/20 10:29:06 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk

[2011/04/17 18:54:08 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Page d'authentification - Caisse d'Epargne.url

[2011/04/17 09:15:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/04/15 06:28:55 | 002,036,736 | ---- | M] () -- C:\Documents and Settings\Robert\Mes documents\Homme-parfait.pps

[2011/04/14 06:56:23 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Robert\Bureau\Microsoft PowerPoint.lnk

[2011/04/14 06:55:44 | 000,001,208 | ---- | M] () -- C:\WINDOWS\Radio_Fr.ini

[2011/04/13 07:08:12 | 000,161,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/04/07 07:09:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\CCleaner.lnk

[2011/04/05 06:31:37 | 000,115,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011/04/05 06:31:37 | 000,097,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat

[2011/03/29 11:31:00 | 000,315,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys

[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/04/26 18:21:49 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011/04/25 08:33:01 | 000,000,216 | ---- | C] () -- C:\Boot.bak

[2011/04/25 08:32:56 | 000,263,488 | RHS- | C] () -- C:\cmldr

[2011/04/21 17:09:25 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin

[2011/04/20 10:29:06 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Defraggler.lnk

[2011/04/15 06:28:53 | 002,036,736 | ---- | C] () -- C:\Documents and Settings\Robert\Mes documents\Homme-parfait.pps

[2011/04/14 06:30:46 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\Robert\Bureau\Skype.lnk

[2011/03/29 11:34:45 | 000,115,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat

[2011/03/29 11:34:45 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat

[2011/01/28 12:44:12 | 000,172,846 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2010/12/26 11:58:15 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2010/12/25 10:51:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010/10/12 16:54:28 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/10/07 08:11:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\WD.INI

[2010/08/21 11:15:49 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BELOTEXP.INI

[2010/08/21 10:53:40 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE

[2010/08/21 08:35:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/21 08:03:12 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\fusioncache.dat

[2010/08/20 17:52:07 | 000,001,208 | ---- | C] () -- C:\WINDOWS\Radio_Fr.ini

[2010/08/20 17:05:53 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2010/08/20 16:46:26 | 000,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/08/20 12:30:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/08/20 12:29:09 | 000,161,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/20 11:58:06 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Robert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/20 11:06:09 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2010/08/20 11:01:33 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[2010/08/20 10:42:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/08/20 10:38:31 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

[2007/03/09 16:27:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

[2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/05 14:00:00 | 000,552,342 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat

[2004/08/05 14:00:00 | 000,481,136 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat

[2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/05 14:00:00 | 000,094,042 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat

[2004/08/05 14:00:00 | 000,079,210 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat

[2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/05 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1998/10/27 00:00:00 | 001,691,408 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL

[1998/10/27 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL

[1998/10/27 00:00:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL

[1998/10/27 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

 

========== LOP Check ==========

 

[2010/08/20 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/08/20 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/04/10 06:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/08/20 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/08/20 14:45:33 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\Application Data

[2010/08/20 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Bureau

[2011/02/10 07:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Canon

[2010/08/20 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Contacts

[2010/08/20 14:45:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Favoris

[2010/08/20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\FotoWire

[2010/08/20 14:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\GlarySoft

[2010/12/04 09:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\gtk-2.0

[2010/08/20 14:48:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Local Settings

[2010/08/20 14:48:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Menu Démarrer

[2010/08/20 14:48:56 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Robert\Application Data\Mes documents

[2010/08/20 14:59:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Modèles

[2011/01/08 09:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\moovida-1

[2010/08/22 08:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\OpenOffice.org

[2010/08/20 14:59:27 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\Recent

[2010/08/20 14:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\ScanSoft

[2010/08/20 14:59:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Robert\Application Data\SendTo

[2010/10/24 08:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\SoftGrid Client

[2010/08/20 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Todae

[2010/12/10 11:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert\Application Data\Tracing

[2010/08/20 14:59:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Voisinage d'impression

[2010/08/20 14:59:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Robert\Application Data\Voisinage réseau

[2011/04/26 18:12:11 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %ALLUSERSPROFILE%\Application Data\*. >

[2011/03/21 07:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2010/08/20 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/08/20 17:04:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/08/20 17:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2011/04/26 18:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

[2011/03/29 11:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2011/04/10 06:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/10/10 11:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/02/16 07:36:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010/10/07 06:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2011/01/08 10:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/08/20 17:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2011/04/14 06:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2011/04/20 06:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype Extras

[2010/08/22 08:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/08/20 11:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2008/11/11 19:32:32 | 000,079,184 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\French\setup.exe

[2009/11/14 15:26:08 | 000,064,088 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\French\setup.exe

[2010/10/01 21:02:22 | 000,648,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\French\autorun.exe

[2010/10/01 21:02:20 | 000,064,120 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky PURE 9.1.0.124\French\setup.exe

 

< %appdata% *.exe /s >

 

 

< MD5 for: AGP440.SYS >

[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 

< MD5 for: ALG.EXE >

[2004/08/05 14:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=2FE681D10C5FC343DBBC0610B8DD4D24 -- C:\WINDOWS\$NtServicePackUninstall$\alg.exe

[2008/04/14 04:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\ServicePackFiles\i386\alg.exe

[2008/04/14 04:33:53 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=5E9A6658A2A69AE7EB195113B7A2E7A9 -- C:\WINDOWS\system32\alg.exe

 

< MD5 for: ATAPI.SYS >

[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

 

< MD5 for: CDROM.SYS >

[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2010/08/20 14:15:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[2004/08/05 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

 

< MD5 for: CSRSS.EXE >

[2004/08/05 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=78C1F1278CF2C9B476504C572CB98E5E -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

[2008/04/14 04:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe

[2008/04/14 04:33:59 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=E0E8A531CFCE1C2E5D79F683282C10C3 -- C:\WINDOWS\system32\csrss.exe

 

< MD5 for: EVENTLOG.DLL >

[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2004/08/05 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe

[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 

< MD5 for: FXSSVC.EXE >

[2008/04/14 04:34:05 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=305687EB8C8E0A12A0B2BAE387B6E466 -- C:\WINDOWS\ServicePackFiles\i386\fxssvc.exe

[2004/08/05 14:00:00 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=312AD40E462BD61763B1166D6D8C1642 -- C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe

 

< MD5 for: IESETUP.DLL >

[2009/03/08 04:32:50 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=1B6FF5B9A21DE2E89BB014932A414E7E -- C:\WINDOWS\system32\dllcache\iesetup.dll

[2009/03/08 04:32:50 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=1B6FF5B9A21DE2E89BB014932A414E7E -- C:\WINDOWS\system32\iesetup.dll

[2008/04/14 04:33:26 | 000,063,488 | ---- | M] (Microsoft Corporation) MD5=61BF4A6E843A4FE8CE54448420B017D4 -- C:\WINDOWS\ServicePackFiles\i386\iesetup.dll

[2004/08/05 14:00:00 | 000,063,488 | ---- | M] (Microsoft Corporation) MD5=ED2C35BB6489A71DEAB88E8AA12DC951 -- C:\WINDOWS\ie8\iesetup.dll

 

< MD5 for: INSENG.DLL >

[2010/04/16 17:21:22 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=2EBE30F9A0B657A6C4D8F19D63522246 -- C:\WINDOWS\$hf_mig$\KB982381\SP2QFE\inseng.dll

[2004/08/05 14:00:00 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=3F2AC9F8FFF0A4DD2868B57AF2937E1D -- C:\WINDOWS\$NtUninstallKB982381$\inseng.dll

[2008/04/14 04:33:27 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=46FFA5E6526403C1882843705BEA627C -- C:\WINDOWS\ServicePackFiles\i386\inseng.dll

[2010/04/16 17:36:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=89986430979BA0BB2621E0BAB6AAAB7A -- C:\WINDOWS\ie8\inseng.dll

[2009/03/08 04:32:46 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=8FAAFF28147935E5847F980607965FFE -- C:\WINDOWS\system32\dllcache\inseng.dll

[2009/03/08 04:32:46 | 000,094,720 | ---- | M] (Microsoft Corporation) MD5=8FAAFF28147935E5847F980607965FFE -- C:\WINDOWS\system32\inseng.dll

 

< MD5 for: LOCATOR.EXE >

[2008/04/14 04:34:09 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=499C59A2584F6D4EA41E944DA571D993 -- C:\WINDOWS\ServicePackFiles\i386\locator.exe

[2008/04/14 04:34:09 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=499C59A2584F6D4EA41E944DA571D993 -- C:\WINDOWS\system32\locator.exe

[2004/08/05 14:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=57CF313EB5CB2C9A0B3FF67437BECDFA -- C:\WINDOWS\$NtServicePackUninstall$\locator.exe

 

< MD5 for: LSASS.EXE >

[2008/04/14 04:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\ERDNT\cache\lsass.exe

[2008/04/14 04:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe

[2008/04/14 04:34:09 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=91E6024D6D4DCDECDB36C43ECF9BBECB -- C:\WINDOWS\system32\lsass.exe

[2004/08/05 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=9F3744A5C6F49291A7A685040A013399 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe

 

< MD5 for: MSDTC.EXE >

[2004/08/05 14:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=680639B08040CEC24B8BD873B1F02F51 -- C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe

[2008/04/14 04:34:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=8648D670AE0D95C95E7BBB5B80661796 -- C:\WINDOWS\ServicePackFiles\i386\msdtc.exe

[2008/04/14 04:34:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=8648D670AE0D95C95E7BBB5B80661796 -- C:\WINDOWS\system32\msdtc.exe

 

< MD5 for: MSHTML.DLL >

[2010/11/06 02:25:05 | 005,960,704 | ---- | M] (Microsoft Corporation) MD5=04210EEC4675E1304C0F9BDCE7A6735F -- C:\WINDOWS\$hf_mig$\KB2416400-IE8\SP3QFE\mshtml.dll

[2010/09/10 07:50:17 | 005,957,120 | ---- | M] (Microsoft Corporation) MD5=07F85C15C4C0950DB8B5D4509D38182D -- C:\WINDOWS\ie8updates\KB2416400-IE8\mshtml.dll

[2004/08/05 14:00:00 | 003,003,392 | ---- | M] (Microsoft Corporation) MD5=3FE8D0C4C2F3B928192BD06DCEE34B32 -- C:\WINDOWS\$NtUninstallKB982381$\mshtml.dll

[2010/12/21 01:53:04 | 005,961,216 | ---- | M] (Microsoft Corporation) MD5=57840C53F8FA1928AD7A02A61C990401 -- C:\WINDOWS\ie8updates\KB2497640-IE8\mshtml.dll

[2010/05/06 12:33:42 | 005,950,976 | ---- | M] (Microsoft Corporation) MD5=58AF16DE738F10213E86FEF10836D0E5 -- C:\WINDOWS\ie8updates\KB2183461-IE8\mshtml.dll

[2010/05/06 12:33:42 | 005,950,976 | ---- | M] (Microsoft Corporation) MD5=58AF16DE738F10213E86FEF10836D0E5 -- C:\WINDOWS\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3GDR\mshtml.dll

[2010/04/16 18:07:56 | 003,094,016 | ---- | M] (Microsoft Corporation) MD5=5E2FF63E99CE871151A218DE09FC954F -- C:\WINDOWS\$hf_mig$\KB982381\SP3GDR\mshtml.dll

[2010/12/21 01:52:00 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=6CEA3DF10D6B27C2A98EBDD4DDBE7646 -- C:\WINDOWS\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll

[2010/05/06 12:27:40 | 005,953,024 | ---- | M] (Microsoft Corporation) MD5=705DA0AFB48A9333747475AD5600A902 -- C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll

[2010/05/06 12:27:40 | 005,953,024 | ---- | M] (Microsoft Corporation) MD5=705DA0AFB48A9333747475AD5600A902 -- C:\WINDOWS\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3QFE\mshtml.dll

[2010/11/06 02:21:44 | 005,959,168 | ---- | M] (Microsoft Corporation) MD5=77EF4923A564EE6415A0204B299C91C2 -- C:\WINDOWS\ie8updates\KB2482017-IE8\mshtml.dll

[2010/06/24 14:28:32 | 005,954,560 | ---- | M] (Microsoft Corporation) MD5=7B63F9D998AF9FB1E147A71871773F9C -- C:\WINDOWS\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll

[2011/02/23 01:25:23 | 005,964,800 | ---- | M] (Microsoft Corporation) MD5=87AD8BE7B6A2AA21BD05BAEEC42ADE1C -- C:\WINDOWS\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll

[2010/04/16 17:36:38 | 003,086,336 | ---- | M] (Microsoft Corporation) MD5=89B865375750836754A2503F584760A4 -- C:\WINDOWS\ie8\mshtml.dll

[2011/02/23 01:05:47 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=8B82D452F8BFCDC50D1C003957EB4C24 -- C:\WINDOWS\ERDNT\cache\mshtml.dll

[2011/02/23 01:05:47 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=8B82D452F8BFCDC50D1C003957EB4C24 -- C:\WINDOWS\system32\dllcache\mshtml.dll

[2011/02/23 01:05:47 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=8B82D452F8BFCDC50D1C003957EB4C24 -- C:\WINDOWS\system32\mshtml.dll

[2010/04/16 17:21:25 | 003,094,016 | ---- | M] (Microsoft Corporation) MD5=BC72656B05A1DAE44C5B37709A19A575 -- C:\WINDOWS\$hf_mig$\KB982381\SP2QFE\mshtml.dll

[2008/04/14 04:33:31 | 003,066,880 | ---- | M] (Microsoft Corporation) MD5=C4153F037157C7BE7C54FD88887F027D -- C:\WINDOWS\ServicePackFiles\i386\mshtml.dll

[2010/06/24 14:25:23 | 005,951,488 | ---- | M] (Microsoft Corporation) MD5=D1829B36DF1006D2B0954910A757AF84 -- C:\WINDOWS\ie8updates\KB2360131-IE8\mshtml.dll

[2009/03/08 04:41:16 | 005,937,152 | ---- | M] (Microsoft Corporation) MD5=D469A0EBA2EF5C6BEE8065B7E3196E5E -- C:\WINDOWS\ie8updates\KB982381-IE8\mshtml.dll

[2010/04/16 18:00:50 | 003,094,528 | ---- | M] (Microsoft Corporation) MD5=E393E03FEDA7DD46EC8351195CB1E8CD -- C:\WINDOWS\$hf_mig$\KB982381\SP3QFE\mshtml.dll

[2010/09/10 07:47:25 | 005,958,656 | ---- | M] (Microsoft Corporation) MD5=E97A32E6341D4ED609514D59EB5D0E3D -- C:\WINDOWS\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll

 

< MD5 for: NDIS.SYS >

[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys

[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008/04/13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2004/08/05 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll

[2009/02/06 20:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll

[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 

< MD5 for: NVGTS.SYS >

[2009/06/30 17:31:18 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=17F915C35450783A446E70693AFA749B -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sataraid\nvgts.sys

[2009/06/30 17:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) MD5=619D8943725402D1179941FD58574CC8 -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sata_ide\nvgts.sys

 

< MD5 for: PNGFILT.DLL >

[2010/04/16 17:36:38 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=0CC738DBAFE72D93AE04A353AC37475F -- C:\WINDOWS\ie8\pngfilt.dll

[2004/08/05 14:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=218E0899E40D1ECD6A6E5B6D33805160 -- C:\WINDOWS\$NtUninstallKB982381$\pngfilt.dll

[2008/04/14 04:33:38 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=881267FB3006D2519BA122A370D118DA -- C:\WINDOWS\ServicePackFiles\i386\pngfilt.dll

[2009/03/08 04:31:36 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=E5FA1B044DAC5F6F600A1742D73F6936 -- C:\WINDOWS\system32\dllcache\pngfilt.dll

[2009/03/08 04:31:36 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=E5FA1B044DAC5F6F600A1742D73F6936 -- C:\WINDOWS\system32\pngfilt.dll

[2010/04/16 17:21:26 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=E91CCDE0C6FE99E89FFDDB848DD49F19 -- C:\WINDOWS\$hf_mig$\KB982381\SP2QFE\pngfilt.dll

 

< MD5 for: SCECLI.DLL >

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 

< MD5 for: SNMPTRAP.EXE >

[2004/08/05 14:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4D5B5F0A63F52618E985E3C07BC783C1 -- C:\WINDOWS\$NtServicePackUninstall$\snmptrap.exe

[2008/04/14 04:34:22 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=522BE2694B8E3B2300B335575DDDA50E -- C:\WINDOWS\ServicePackFiles\i386\snmptrap.exe

 

< MD5 for: SPOOLSV.EXE >

[2010/08/17 15:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[2008/04/14 04:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe

[2008/04/14 04:34:23 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=460E4CE148BD07218DA0B6A3D31885A9 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\ERDNT\cache\spoolsv.exe

[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe

[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe

[2004/08/05 14:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=B4EF928E4FAD79364A80ACBA6D999934 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

 

< MD5 for: TCPIP.SYS >

[2008/06/20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

[2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

[2004/08/05 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys

[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

 

< MD5 for: USERINIT.EXE >

[2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

 

< MD5 for: VSSVC.EXE >

[2004/08/05 14:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=0F5B203240184D34852936696DF3E91D -- C:\WINDOWS\$NtServicePackUninstall$\vssvc.exe

[2008/04/14 04:34:26 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=5A4DA252B2C0550AB83D129C02CF6C19 -- C:\WINDOWS\ServicePackFiles\i386\vssvc.exe

[2008/04/14 04:34:26 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=5A4DA252B2C0550AB83D129C02CF6C19 -- C:\WINDOWS\system32\vssvc.exe

 

< MD5 for: WEBCHECK.DLL >

[2004/08/05 14:00:00 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=85F7D0705A6781F9B07D6AA6341EBE75 -- C:\WINDOWS\ie8\webcheck.dll

[2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) MD5=CC8915DB4E33E8FB29CA0D2DBF75306E -- C:\WINDOWS\system32\dllcache\webcheck.dll

[2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) MD5=CC8915DB4E33E8FB29CA0D2DBF75306E -- C:\WINDOWS\system32\webcheck.dll

[2008/04/14 04:33:48 | 000,281,600 | ---- | M] (Microsoft Corporation) MD5=D38149872202B39139740319AAE84D30 -- C:\WINDOWS\ServicePackFiles\i386\webcheck.dll

 

< MD5 for: WINLOGON.EXE >

[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

 

< MD5 for: WMIAPSRV.EXE >

[2008/04/14 04:34:28 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=4E8E8A58F56B25D0795F484E5EB7F898 -- C:\WINDOWS\ServicePackFiles\i386\wmiapsrv.exe

[2008/04/14 04:34:28 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=4E8E8A58F56B25D0795F484E5EB7F898 -- C:\WINDOWS\system32\wbem\wmiapsrv.exe

[2004/08/05 14:00:00 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=77945EA0BFDD662203F07FE5513A409D -- C:\WINDOWS\$NtServicePackUninstall$\wmiapsrv.exe

 

< MD5 for: WMPNETWK.EXE >

[2006/11/03 09:59:14 | 000,918,016 | ---- | M] (Microsoft Corporation) MD5=C9BEA742CE225CC993C9465FDDAE4656 -- C:\Program Files\Windows Media Player\wmpnetwk.exe

 

< %systemroot%\*. /mp /s >

 

< >

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Robert\Bureau\Robert.exe:Updt_SummaryInformation

 

< End of report >

 

 

 

 

vlici le second rapport

 

 

OTL Extras logfile created on: 26/04/2011 18:21:20 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55,89 Gb Total Space | 38,39 Gb Free Space | 68,68% Space Free | Partition Type: NTFS

 

Computer Name: MERIGLIE-8B4AA0 | User Name: Robert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Coolscript2\cool script.exe" = C:\Program Files\Coolscript2\cool script.exe:*:Enabled:Cool -- (Cool Co. Ltd.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0810B8B7-7539-41D3-983E-6127FCF1CC9E}" = Ma-Config.com

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE

"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 24

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D6B54EF-65E4-4624-8709-03A3BBE2C240}" = e-Carte Bleue LCL

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}" = Paint.NET v3.10

"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage

"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack

"{9FD78518-7CBD-4071-8BE2-DDCA898890E0}" = network module

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A46C3CC2-B6F2-492D-83BF-52EB320307CC}" = Microsoft Office XP - Autoformation Interactive

"{A488D63E-B3DD-4423-892F-2F2EC8909518}" = Logitech QuickCam

"{AC76BA86-7AD7-1036-7B44-A82000000003}" = Adobe Reader 8.2.6 - Français

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"CamStudio 2.0 Fr_is1" = CamStudio 2.0 Fr

"CCleaner" = CCleaner

"Coolscript2" = CoolScript2(remove)

"Defraggler" = Defraggler

"e-Carte Bleue VISA Cléo" = e-Carte Bleue VISA Cléo

"Enregistrement utilisateur de Canon MP210 series" = Enregistrement utilisateur de Canon MP210 series

"Glary Utilities_is1" = Glary Utilities 2.33.0.1158

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE

"Logitech Print Service" = Logitech Print Service

"Ludi" = Ludi

"Ludiclub.com" = Ludiclub.com

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"mIRC" = mIRC

"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PhotoFiltre" = PhotoFiltre

"PowerpointImageExtractor_is1" = PowerpointImageExtractor

"PPTView97" = Microsoft PowerPoint Viewer 97

"QcDrv" = Programme de gestion Camera de Logitech®

"Radio_Fr" = Radio Fr Solo 2.1

"Unlocker" = Unlocker 1.9.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.10

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Zeb Help Process_is1" = ZebHelpProcess 2.46

"ZHPDiag_is1" = ZHPDiag 1.27

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-602162358-1844823847-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ System Events ]

Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7009

Description = Délai (30000 millisecondes) d'attente pour une connexion du service

Service de gestion du système CryproStorage.

 

Error - 26/03/2011 03:48:02 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7000

Description = Le service Service de gestion du système CryproStorage n'a pas pu

démarrer en raison de l'erreur : %%1053

 

Error - 27/03/2011 08:44:32 | Computer Name = MERIGLIE-8B4AA0 | Source = System Error | ID = 1003

Description = Code erreur 1000007e, paramètre 1 c0000005, paramètre 2 a64e912c,

paramètre 3 a5e8ab10, paramètre 4 a5e8a80c.

 

Error - 16/03/2011 13:29:04 | Computer Name = MERIGLIE-8B4AA0 | Source = W32Time | ID = 39452706

Description = Le service de temps a détecté que l'heure système doit être modifiée

de +2674802 secondes. Le service de temps ne va pas modifier l'heure système de plus

de +54000 secondes. Vérifiez que votre heure et votre fuseau horaire sont corrects

et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.2:123->207.46.197.32:123)

fonctionne correctement.

 

Error - 25/04/2011 03:03:01 | Computer Name = MERIGLIE-8B4AA0 | Source = PlugPlayManager | ID = 11

Description = Le périphérique Root\LEGACY_UNLOCKERDRIVER5\0000 a disparu du système

sans que sa suppression ait tout d'abord été préparée.

 

Error - 25/04/2011 23:20:05 | Computer Name = MERIGLIE-8B4AA0 | Source = Dhcp | ID = 1002

Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse

réseau est 406186C33FAB a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a

envoyé un message DHCPNACK).

 

Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = SRService | ID = 104

Description = Le processus d'initialisation de la restauration du système a échoué.

 

Error - 26/04/2011 12:21:49 | Computer Name = MERIGLIE-8B4AA0 | Source = Service Control Manager | ID = 7023

Description = Le service Service de restauration système s'est arrêté avec l'erreur :

%%2

 

 

< End of report >

[pear]

Pas d'infection visible dans votre rapport.

[marsouin10_0]

bonjour

j ai donc installé Firefox et adblock.le seul soucis c est que j ai encore des pub .

Modifié le 27 avril 2011 par marsouin10_0

[pear]

Télécharger DeFogger de Jpshortstuff sur le bureau.

Double cliquer sur DeFogger pour démarrer l'outil.

 

La fenêtre de DeFogger apparaît

Cliquer sur le bouton Disable pour désactiver les drivers d'émulateurs CD.

Cliquer sur Yes pour continuer

Un message 'Finished!' apparaîtra

Cliquer sur OK

DeFogger demandera de redémarrer la machine, OK

 

Ne réactivez PAS ces drivers avant la fin de la désinfection

 

Télécharger MBRCheck GtG

ou là:

Télécharger MBRCheck BleepingComputer

et sauvegarder sur le Bureau :

Sous Vista->Exécuter en tant que Administrateur

- Lancer l'outil par double-clic ; une fenêtre noire apparaîtra.

- Patienter une dizaine de secondes pour permettre à l'outil de compléter l'analyse.

- N'exécuter aucune action qui pourrait être proposée ;

appuyez alors alors sur la touche N puis Entrée deux fois.

Si rien n'est détecté, pressez touche Entrée

 

Dites si vous avez , en vert, le message Windows Xp Mbr code dtected

ou

si c'est ce message qui apparait:

Found non-standard or infected MBR.

[marsouin10_0]

v:oici le rapport

 

BRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000c

 

Kernel Drivers (total 121):

0x804D7000 \WINDOWS\system32\ntoskrnl.exe

0x80700000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF75F7000 klbg.sys

0xF7507000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF74F6000 pci.sys

0xF7607000 isapnp.sys

0xF74E2000 CSCrySec.sys

0xF789B000 compbatt.sys

0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7617000 MountMgr.sys

0xF74C3000 ftdisk.sys

0xF770F000 PartMgr.sys

0xF7627000 VolSnap.sys

0xF74AB000 atapi.sys

0xF7637000 disk.sys

0xF7647000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xF748B000 fltmgr.sys

0xF7479000 sr.sys

0xF7462000 KSecDD.sys

0xF7B52000 Ntfs.sys

0xF7435000 NDIS.sys

0xF741B000 Mup.sys

0xB99C3000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB8D47000 \SystemRoot\system32\DRIVERS\igxpmp32.sys

0xB8D33000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB8D0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB8CDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys

0xF77DF000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB8CBB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF77E7000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB8CAA000 \SystemRoot\system32\DRIVERS\serial.sys

0xBA7D8000 \SystemRoot\system32\DRIVERS\serenum.sys

0xB8C96000 \SystemRoot\system32\DRIVERS\parport.sys

0xF76E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF76F7000 \SystemRoot\system32\DRIVERS\klmouflt.sys

0xF77F7000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF75C6000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF75B6000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF75A6000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB8C73000 \SystemRoot\system32\DRIVERS\ks.sys

0xF7596000 \SystemRoot\system32\DRIVERS\klim5.sys

0xF7ABA000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA7CC000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB8C5C000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF7576000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF7566000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF77FF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB8C4B000 \SystemRoot\system32\DRIVERS\psched.sys

0xF7556000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF7807000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF780F000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF7546000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF79BB000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB8BED000 \SystemRoot\system32\DRIVERS\update.sys

0xBA7C0000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF7536000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xA7894000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xA7870000 \SystemRoot\system32\drivers\portcls.sys

0xBA790000 \SystemRoot\system32\drivers\drmk.sys

0xBA780000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79BF000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xA77F7000 \SystemRoot\system32\DRIVERS\klif.sys

0xBA7E8000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA760000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF79C1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB9338000 \SystemRoot\System32\Drivers\Null.SYS

0xF79C3000 \SystemRoot\System32\Drivers\Beep.SYS

0xF776F000 \SystemRoot\System32\drivers\vga.sys

0xF79C5000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79C7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF7777000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF777F000 \SystemRoot\System32\Drivers\Npfs.SYS

0xBA7DC000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xA728F000 \??\C:\WINDOWS\system32\drivers\kl1.sys

0xF7787000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xA7254000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xA71FB000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xA71D3000 \SystemRoot\system32\DRIVERS\netbt.sys

0xA71AD000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xBA750000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xA718B000 \SystemRoot\System32\drivers\afd.sys

0xBA740000 \SystemRoot\system32\DRIVERS\netbios.sys

0xA7160000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xA70F0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xBA730000 \SystemRoot\System32\Drivers\Fips.SYS

0xF778F000 \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys

0xA6FFF000 \SystemRoot\system32\DRIVERS\CamDrL21.sys

0xBA710000 \SystemRoot\system32\DRIVERS\STREAM.SYS

0xF7797000 \SystemRoot\system32\DRIVERS\USBCAMD.SYS

0xA6F72000 \SystemRoot\system32\DRIVERS\lvsvf2.sys

0xF7677000 \SystemRoot\system32\drivers\usbaudio.sys

0xB9A13000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xA5FF2000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xF79D9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xA728B000 \SystemRoot\System32\drivers\Dxapi.sys

0xB8BC5000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7A89000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF024000 \SystemRoot\System32\igxpgd32.dll

0xBF012000 \SystemRoot\System32\igxprd32.dll

0xBF04F000 \SystemRoot\System32\igxpdv32.DLL

0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL

0xBF47A000 \SystemRoot\System32\ATMFD.DLL

0xA5EBE000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA5C2D000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7997000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xA5ABD000 \SystemRoot\system32\DRIVERS\srv.sys

0xA5698000 \SystemRoot\system32\drivers\wdmaud.sys

0xA56E5000 \SystemRoot\system32\drivers\sysaudio.sys

0xA544F000 \SystemRoot\System32\Drivers\HTTP.sys

0xA39A4000 \SystemRoot\system32\drivers\kmixer.sys

0x7C910000 \WINDOWS\system32\ntdll.dll

 

Processes (total 41):

0 System Idle Process

4 System

972 C:\WINDOWS\system32\smss.exe

1020 csrss.exe

1044 C:\WINDOWS\system32\winlogon.exe

1092 C:\WINDOWS\system32\services.exe

1104 C:\WINDOWS\system32\lsass.exe

1284 C:\WINDOWS\system32\svchost.exe

1372 svchost.exe

1500 C:\WINDOWS\system32\svchost.exe

1656 svchost.exe

1760 svchost.exe

1952 C:\WINDOWS\system32\spoolsv.exe

140 svchost.exe

172 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

204 C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

244 C:\Program Files\Fichiers communs\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

292 C:\Program Files\Java\jre6\bin\jqs.exe

524 C:\WINDOWS\system32\svchost.exe

108 C:\Program Files\Microsoft\sysNM.exe

332 alg.exe

2396 C:\WINDOWS\system32\wbem\wmiapsrv.exe

3036 C:\WINDOWS\explorer.exe

3312 C:\WINDOWS\system32\igfxtray.exe

3660 C:\WINDOWS\system32\hkcmd.exe

3680 C:\WINDOWS\system32\igfxsrvc.exe

3688 C:\WINDOWS\system32\igfxpers.exe

3740 C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

3764 C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe

220 C:\Program Files\Logitech\Video\LogiTray.exe

412 C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe

424 C:\Program Files\Unlocker\UnlockerAssistant.exe

428 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

448 C:\WINDOWS\system32\ctfmon.exe

404 C:\WINDOWS\system32\LVComS.exe

3588 C:\Program Files\Windows Live\Contacts\wlcomm.exe

4000 wmiprvse.exe

2884 C:\Program Files\Mozilla Firefox\firefox.exe

1968 C:\Program Files\Mozilla Firefox\plugin-container.exe

1520 C:\Documents and Settings\Robert\Bureau\Defogger(1).exe

1340 C:\Documents and Settings\Robert\Bureau\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

 

PhysicalDrive0 Model Number: ST360012A, Rev: 3.30

 

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 8637A6CD1F8DC55758E12C0B860CDE1133CA5719