
[Solved] Infected by Navipromo


Posted on 11 Dec 2010 10:49

I think I have a virus ...
Can you help me determine whether there is one or not, and remove them?
Thanks

OS: XP


OTL scan "OTL.txt"
Code:
OTL logfile created on: 11/12/2010 10:26:44 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 022,00 Mb Total Physical Memory | 505,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 113,73 Gb Total Space | 14,74 Gb Free Space | 12,96% Space Free | Partition Type: FAT32
Drive D: | 114,22 Gb Total Space | 84,70 Gb Free Space | 74,15% Space Free | Partition Type: FAT32
 
Computer Name: ACER-MERLE | User Name: Philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Documents and Settings\Philippe\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Kodak\MediaImpression SE\ArcMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\system32\ServoApp.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Documents and Settings\Philippe\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe (Anuman Interactive)
PRC - C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
PRC - C:\Program Files\Wanadoo\PollingModule.exe ()
PRC - C:\WINDOWS\system32\AlertModule\AlertModule.exe ()
PRC - C:\Program Files\Wanadoo\TaskBarIcon.exe (France Télécom R&D)
PRC - C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
PRC - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Documents and Settings\Philippe\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (Acer Media Server) -- C:\Program Files\Acer\Acer eConsole\MediaServerService.exe (Acer Inc.)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (FTRTSVC) -- C:\WINDOWS\system32\FTRTSVC.exe (France Telecom)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (Trufos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys File not found
DRV - (Profos) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys File not found
DRV - (PCAMPR5) -- C:\WINDOWS\System32\PCAMPR5.SYS File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALIWEHCD) -- C:\WINDOWS\system32\drivers\mfpec.sys (None)
DRV - (WUSBVBus) -- C:\WINDOWS\system32\drivers\mfpvbus.sys (None)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\Changer.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (Camav) -- C:\WINDOWS\system32\drivers\Camav.sys (Samsung electronics, Inc)
DRV - (camflt) -- C:\WINDOWS\system32\drivers\camflt.sys (Devguru Corporation, Inc)
DRV - (SQTECH913D) -- C:\WINDOWS\system32\drivers\Capt913d.sys (Service & Quality Technology.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (DCamUSBSTK013) -- C:\WINDOWS\system32\drivers\stk013w2.sys (Syntek Ltd.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (Ca533av) Icatch(IV) -- C:\WINDOWS\system32\drivers\Ca533av.sys (Digital Camera)
DRV - (USBCamera) Icatch(IV) -- C:\WINDOWS\system32\drivers\Bulk533.sys (USB BULK)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E9 AD 31 54 48 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll ()
IE - HKCU\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension [2009/06/27 19:13:50 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2008/12/21 15:54:08 | 000,290,333 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1   www.007guard.com
O1 - Hosts: 127.0.0.1   007guard.com
O1 - Hosts: 127.0.0.1   008i.com
O1 - Hosts: 127.0.0.1   www.008k.com
O1 - Hosts: 127.0.0.1   008k.com
O1 - Hosts: 127.0.0.1   www.00hq.com
O1 - Hosts: 127.0.0.1   00hq.com
O1 - Hosts: 127.0.0.1   010402.com
O1 - Hosts: 127.0.0.1   www.032439.com
O1 - Hosts: 127.0.0.1   032439.com
O1 - Hosts: 127.0.0.1   www.0scan.com
O1 - Hosts: 127.0.0.1   0scan.com
O1 - Hosts: 127.0.0.1   1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1000gratisproben.com
O1 - Hosts: 127.0.0.1   www.1001namen.com
O1 - Hosts: 127.0.0.1   1001namen.com
O1 - Hosts: 127.0.0.1   www.100888290cs.com
O1 - Hosts: 127.0.0.1   100888290cs.com
O1 - Hosts: 127.0.0.1   www.100sexlinks.com
O1 - Hosts: 127.0.0.1   100sexlinks.com
O1 - Hosts: 127.0.0.1   www.10sek.com
O1 - Hosts: 127.0.0.1   10sek.com
O1 - Hosts: 127.0.0.1   www.1-2005-search.com
O1 - Hosts: 127.0.0.1   1-2005-search.com
O1 - Hosts: 9998 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression SE\ArcMonitor.exe (ArcSoft, Inc.)
O4 - HKLM..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe (Acer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Controleur de calendrier pour Ulead Photo Express] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe (Acer Inc.)
O4 - HKLM..\Run: [MFP Manager] C:\Program Files\MFP Server\MFPAgent.exe File not found
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Server Application] C:\WINDOWS\system32\ServoApp.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM..\Run: [WOOWATCH] C:\Program Files\Wanadoo\Watch.exe (France Télécom R&D)
O4 - HKCU..\Run: [AnumanLive] C:\Documents and Settings\Philippe\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe (Anuman Interactive)
O4 - HKCU..\Run: [EPSON Stylus DX7000F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe ()
O4 - HKCU..\Run: [yrsyqdo] c:\documents and settings\philippe\local settings\application data\yrsyqdo.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\4.0;  File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\STK013 PNP Monitor.lnk = C:\Program Files\STK013\STK013M.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O4 - Startup: C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe (Ubi Soft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00  [binary data]
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.17\AMVConverter\grab.html ()
O15 - HKCU\..Trusted Domains: orange.fr ([logicielsgratuits] http in Trusted sites)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://qp1.orion.education.fr/qp2.cab (QuickPlace Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {5A779DC0-837B-4590-AC42-C7C0847478C5} http://logicielsgratuits.orange.fr/download_service/Install/OrangeInstaller.cab (OrangeInstaller_ModuleIE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156283514093 (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} http://webtv.guidetv.orange.fr/resources/OCS_8971.cab (FTMediaPlayer Class)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} http://orange.securitoo.com/pchc/fscax.cab (F-Secure Health Check 1.1)
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB (MediaBar)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/23 12:12:06 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{DFB17AA8-042A-429D-987C-26CE244A4189} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.SP54 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)
Drivers32: VIDC.SP55 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)
Drivers32: VIDC.SP56 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)
Drivers32: VIDC.SP57 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)
Drivers32: VIDC.SP58 - C:\WINDOWS\System32\Sp5x_32.dll (Sunplus)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/12/11 10:25:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/12/06 16:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/12/06 15:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ArcSoft
[2010/12/06 15:50:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/12/06 15:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/12/06 15:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\ArcSoft
[2010/12/06 15:43:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2010/12/06 15:43:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dc210_32.dll
[2010/12/06 15:43:43 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/12/06 15:43:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2010/12/06 15:43:42 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dc210usd.dll
[2010/12/04 18:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DOSBox
[2010/12/04 18:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2010/12/04 18:06:21 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Documents and Settings\Philippe\Bureau\DOSBox0.74-win32-installer.exe
[2010/12/01 16:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Lemmings (vrai ICI°
[2010/12/01 15:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\lemmings (FAUX demo)
[2010/11/23 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Pascal
[2010/11/14 13:55:34 | 000,000,000 | -HSD | C] -- C:\FOUND.079
[2010/11/13 20:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\Avira
[2009/12/27 15:13:46 | 001,164,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[533 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/12/11 10:25:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\OTL.exe
[2010/12/11 10:23:56 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7F2F80B7-7154-4694-86E9-589AC889E5BD}.job
[2010/12/11 10:23:02 | 000,003,503 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\ggbmam.ggb
[2010/12/11 10:01:02 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/11 10:01:02 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/12/11 09:01:02 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/11 08:53:38 | 000,000,682 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010/12/11 08:52:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/11 08:51:52 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 19:40:30 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Microsoft Office Word 2003.lnk
[2010/12/08 22:20:44 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Document Microsoft Word.doc
[2010/12/08 22:18:46 | 000,929,720 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\ds2.jpg
[2010/12/07 11:31:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/06 16:11:16 | 000,223,744 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 16:01:38 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/12/06 15:50:12 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Media Impression SE for Kodak.lnk
[2010/12/05 18:53:24 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2010/12/04 18:06:30 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DOSBox 0.74.lnk
[2010/12/04 18:06:22 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Documents and Settings\Philippe\Bureau\DOSBox0.74-win32-installer.exe
[2010/12/01 21:40:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\sauvegarde.job
[2010/12/01 16:26:14 | 000,396,495 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\Lemmings.zip
[2010/12/01 15:02:20 | 000,244,157 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\lemmings.zip
[2010/11/28 20:58:54 | 000,449,848 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\org166.pdf
[2010/11/28 20:56:18 | 000,435,606 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\org165.pdf
[2010/11/25 22:41:40 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Meteo en France.lnk
[2010/11/25 22:41:40 | 000,001,164 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Meteo en France.lnk
[2010/11/24 21:52:38 | 000,051,754 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\org164.pdf
[2010/11/23 21:58:10 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Présentation Microsoft PowerPoint.ppt
[2010/11/23 19:01:18 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Raccourci vers pymclaire.lnk
[2010/11/21 18:56:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 20:11:24 | 054,115,280 | ---- | M] () -- C:\Program Files\avira_antivir_personal_free.exe
[2010/11/12 18:33:00 | 000,165,956 | ---- | M] () -- C:\Documents and Settings\Philippe\Mes documents\anniv tet.pds
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[533 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/12/11 10:23:01 | 000,003,503 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\ggbmam.ggb
[2010/12/08 22:20:42 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Document Microsoft Word.doc
[2010/12/08 22:18:43 | 000,929,720 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\ds2.jpg
[2010/12/06 16:01:37 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/12/06 15:50:11 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Media Impression SE for Kodak.lnk
[2010/12/04 18:06:28 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\DOSBox 0.74.lnk
[2010/12/01 16:26:10 | 000,396,495 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\Lemmings.zip
[2010/12/01 15:02:15 | 000,244,157 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\lemmings.zip
[2010/11/28 20:58:52 | 000,449,848 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\org166.pdf
[2010/11/28 20:56:16 | 000,435,606 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\org165.pdf
[2010/11/25 22:41:38 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Meteo en France.lnk
[2010/11/25 22:41:38 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Meteo en France.lnk
[2010/11/24 21:52:37 | 000,051,754 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\org164.pdf
[2010/11/23 21:58:09 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Présentation Microsoft PowerPoint.ppt
[2010/11/23 19:01:17 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Raccourci vers pymclaire.lnk
[2010/11/13 20:11:22 | 054,115,280 | ---- | C] () -- C:\Program Files\avira_antivir_personal_free.exe
[2010/11/12 18:32:58 | 000,165,956 | ---- | C] () -- C:\Documents and Settings\Philippe\Mes documents\anniv tet.pds
[2010/09/20 14:26:29 | 000,002,034 | ---- | C] () -- C:\WINDOWS\geom3D.ini
[2010/05/13 15:54:41 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Philippe\Application Data\qvjsge.dat
[2010/01/20 13:44:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/12/22 16:26:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/18 12:40:42 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2009/03/18 12:40:42 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2009/01/20 18:04:19 | 000,000,540 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/12/21 16:15:49 | 000,000,087 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/12 17:07:52 | 000,450,560 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2008/12/12 17:07:52 | 000,172,032 | R--- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2008/12/11 17:05:27 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008/10/25 14:50:07 | 000,008,133 | ---- | C] () -- C:\WINDOWS\System32\MFPScript.ini
[2008/10/25 14:50:05 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ddschk.dll
[2008/10/25 14:50:05 | 000,000,548 | ---- | C] () -- C:\WINDOWS\System32\cliktext.ini
[2008/10/25 14:50:04 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\mfpcoins.dll
[2008/10/25 14:45:52 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX400DEFGIPSDaFiNoSv.ini
[2008/09/21 15:26:31 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/09/03 15:08:48 | 000,001,861 | ---- | C] () -- C:\WINDOWS\System32\MSMINI.DLL
[2008/08/25 14:15:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/04/21 12:50:09 | 000,005,140 | ---- | C] () -- C:\WINDOWS\DfCache.ini
[2008/04/21 12:49:51 | 000,002,204 | ---- | C] () -- C:\WINDOWS\System32\drivers\UNINST2K.SYS
[2008/04/21 12:49:05 | 000,003,083 | ---- | C] () -- C:\WINDOWS\System32\Dfusbpdr.ini
[2008/01/10 16:25:33 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2008/01/02 21:55:17 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/01/02 21:55:17 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/12/25 10:05:15 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/09 19:22:49 | 000,004,973 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ykchslwbdf_s2m.xml
[2007/12/09 19:22:48 | 000,004,662 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ykchslwbdf_m2s.xml
[2007/12/09 19:22:48 | 000,001,796 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ykchslwbdf_m2s.zl
[2007/12/09 19:22:48 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ykchslwbdf_s2m.zl
[2007/12/05 00:13:51 | 000,004,665 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\ykchslwbdf.dat
[2007/12/01 11:37:02 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/09/26 12:09:16 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/09/26 12:09:16 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/09/26 12:09:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/09/12 11:04:55 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2007/09/12 11:01:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bbcauto.INI
[2007/08/29 19:08:40 | 000,001,888 | ---- | C] () -- C:\WINDOWS\CA533A.INI
[2007/08/29 19:08:39 | 000,001,325 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2007/06/26 19:45:48 | 000,000,167 | ---- | C] () -- C:\WINDOWS\ASYM.ini
[2007/06/24 21:53:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/06/24 20:09:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX7000FEFDG.ini
[2007/04/17 22:34:04 | 000,104,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\MPIXVID.SYS
[2007/02/04 17:37:52 | 000,032,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\STK013W1.sys
[2007/01/13 19:23:56 | 000,001,394 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2007/01/07 12:06:31 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2007/01/07 12:06:31 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/12/18 18:13:08 | 000,001,039 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/10/28 11:43:00 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2006/10/11 16:07:18 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/09/09 16:14:34 | 000,223,744 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/09 16:12:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\pex.INI
[2006/08/29 22:09:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006/08/28 22:05:23 | 000,000,112 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/08/28 21:41:28 | 000,000,287 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/08/28 21:40:54 | 000,000,033 | ---- | C] () -- C:\WINDOWS\AMT.INI
[2006/08/26 17:07:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/08/23 22:40:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/08/23 22:39:58 | 000,001,682 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/08/23 22:39:58 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/08/23 22:39:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/08/23 00:11:12 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\fusioncache.dat
[2006/08/22 21:58:11 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/22 20:45:39 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2006/08/22 19:30:53 | 000,000,682 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006/08/22 19:25:08 | 000,000,294 | ---- | C] () -- C:\WINDOWS\PowerOption.ini
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/10/20 12:50:20 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/09/16 14:14:00 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/02/03 11:11:40 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/23 12:37:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/23 12:12:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/01/23 12:11:42 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/01/23 11:57:50 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/08/05 05:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004352_.tmp.dll
[2004/08/05 05:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004320_.tmp.dll
[2004/08/05 05:00:00 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/01 10:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2001/07/06 00:19:00 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[1997/06/14 12:56:08 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2006/08/29 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2007/06/24 20:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/06/24 21:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/07/11 11:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eConsole
[2007/11/24 11:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2008/05/02 20:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/02 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2008/08/25 14:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2008/10/01 13:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/01 13:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/01/17 21:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aplusix
[2009/04/11 08:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/10/31 21:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/31 21:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2006/08/23 22:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Canon
[2006/08/29 22:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Ulead Systems
[2006/09/04 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\MSNInstaller
[2007/06/25 19:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\EPSON
[2008/10/10 14:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\IndexEducation
[2008/11/27 13:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2009/07/09 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Icones
[2009/10/21 08:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\bayardKids.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
[2010/02/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sony
[2010/02/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sony Setup
[2010/07/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Foxit
[2010/07/08 19:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Foxit Software
[2010/08/30 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Anuman Interactive
[2010/12/01 21:40:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\sauvegarde.job
[2010/12/11 10:23:56 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7F2F80B7-7154-4694-86E9-589AC889E5BD}.job
[2010/12/11 10:01:02 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2005/01/23 11:51:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006/08/23 00:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006/08/29 22:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2006/08/29 22:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2006/08/31 20:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/05/24 18:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2007/06/24 20:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/06/24 21:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2007/07/11 11:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eConsole
[2007/11/24 11:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
[2007/12/02 14:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2007/12/25 09:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/12/25 09:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/05/02 20:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/02 20:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2008/08/10 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/08/10 18:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/08/25 14:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2008/09/23 10:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/01 13:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/01 13:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/01/17 21:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aplusix
[2009/04/11 08:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2009/10/31 21:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/31 21:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/10/31 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/11/30 21:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/06 11:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/04/05 10:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/06 15:50:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010/09/21 20:37:42 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14917\AcrobatUpdater.exe
[2010/09/21 20:37:42 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14917\AdobeARM.exe
[2010/09/21 20:37:42 | 000,338,856 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.3\ARM\14917\ReaderUpdater.exe
[2007/12/11 13:23:16 | 000,116,008 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe
[2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
[2007/01/11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/12/17 06:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
[2010/12/11 09:17:18 | 000,523,440 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2008/07/04 03:54:56 | 000,199,192 | R-S- | M] (Tarma Software Research Pty Ltd) -- C:\Documents and Settings\All Users\Application Data\Tarma Installer\{09F55516-AC75-43EA-8127-292E5A28B7DF}\Setup.exe
 
< %APPDATA%\*. >
[2005/01/23 12:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Identities
[2005/01/23 12:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Symantec
[2005/01/23 11:51:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Philippe\Application Data\Microsoft
[2006/08/22 21:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Macromedia
[2006/08/22 23:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Help
[2006/08/23 21:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Adobe
[2006/08/23 21:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\AdobeUM
[2006/08/23 22:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Canon
[2006/08/29 22:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Ulead Systems
[2006/08/31 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\CyberLink
[2006/09/04 16:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\MSNInstaller
[2006/10/28 19:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sun
[2007/06/25 19:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\EPSON
[2007/07/04 13:20:20 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Philippe\Application Data\SecuROM
[2007/12/25 09:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Apple Computer
[2008/06/22 17:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\ATI
[2008/09/23 18:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Google
[2008/10/10 14:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\InstallShield
[2008/10/10 14:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\IndexEducation
[2008/11/27 13:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2009/07/09 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Icones
[2009/10/21 08:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\bayardKids.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
[2010/02/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sony
[2010/02/06 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Sony Setup
[2010/07/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Foxit
[2010/07/08 19:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Foxit Software
[2010/08/30 17:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Anuman Interactive
[2010/11/13 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Avira
[2010/12/06 15:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\ArcSoft
 
< %APPDATA%\*.exe /s >
[2007/01/23 09:18:48 | 021,277,080 | ---- | M] (                            ) -- C:\Documents and Settings\Philippe\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008/05/07 17:29:00 | 019,900,192 | ---- | M] (                                   ) -- C:\Documents and Settings\Philippe\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2007/09/28 16:18:42 | 000,347,648 | ---- | M] (Anuman Interactive) -- C:\Documents and Settings\Philippe\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
[2010/03/16 19:36:50 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010/02/06 11:40:52 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2008/09/20 18:43:24 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{1B438221-AAD3-46F7-A834-950D7E466E8E}\ARPPRODUCTICON.exe
[2008/09/20 18:43:24 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{1B438221-AAD3-46F7-A834-950D7E466E8E}\Napoleon.exe_1B438221AAD346F7A834950D7E466E8E.exe
[2008/09/20 18:43:24 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{1B438221-AAD3-46F7-A834-950D7E466E8E}\Napoleon.exe1_1B438221AAD346F7A834950D7E466E8E.exe
[2008/09/20 18:43:24 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{1B438221-AAD3-46F7-A834-950D7E466E8E}\UNINST_Uninstall_Nap_1B438221AAD346F7A834950D7E466E8E.exe
[2009/02/17 09:26:28 | 000,053,248 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{89985067-2EB5-450E-AA31-D598007533CC}\_C161D3D5F6BC_49C9_ACDB_695176F64324.exe
[2010/06/13 19:51:02 | 000,009,158 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
[2008/12/11 13:11:18 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
[2008/12/11 13:11:18 | 000,002,550 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_DB6341F586D0E25618F7F6.exe
[2008/12/11 13:11:18 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_850C5706CD0C3D8661B826.exe
[2008/12/11 13:11:18 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_AD853CD6726A50D65BD62C.exe
[2008/12/11 13:11:18 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_C4BF2AF5352B799B991657.exe
[2008/12/11 13:11:18 | 000,001,518 | R--- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_FC1536F951AEDB8AF63555.exe
[2009/11/20 19:31:18 | 000,132,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
[2009/11/20 19:31:18 | 000,086,576 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
[2006/09/04 16:21:20 | 000,826,856 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philippe\Application Data\MSNInstaller\msnauins.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2009/11/21 12:52:18 | 001,164,624 | ---- | M] (Microsoft Corporation) -- C:\wlsetup-custom.exe
[2009/11/21 20:43:10 | 001,794,920 | ---- | M] (Microsoft Corporation) -- C:\Installation_WLMessenger2009.exe
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: AHCIX86.SYS  >[/color]
[2008/03/08 03:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-6_xp32_dd_ccc_wdm_enu_64783\SBDrv\RAID7xx\x86\ahcix86.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:cdrom.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:cdrom.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/05 05:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Changer.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:Changer.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\dllcache\changer.sys
[2008/04/13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\system32\drivers\Changer.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:disk.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/05 05:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 20:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2004/08/05 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
[2007/01/12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2004/08/05 05:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 15:10:54 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 21:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/05 05:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: RASACD.SYS  >[/color]
[2004/08/05 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2004/08/05 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
 
[color=#A23BEC]< MD5 for: RDPWD.SYS  >[/color]
[2005/06/10 05:06:02 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=047BEA21274C8A4A233674A76C958C2C -- C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\dllcache\rdpwd.sys
[2008/04/14 04:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\RDPWD.sys
[2005/06/10 05:11:22 | 000,139,528 | ---- | M] (Microsoft Corporation) MD5=B54CD38A9EBFBF2B3561426E3FE26F62 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys
[2004/08/05 05:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtUninstallKB899591$\rdpwd.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 05:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:Sfloppy.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:Sfloppy.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys
[2004/08/05 05:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\dllcache\sfloppy.sys
[2008/04/13 20:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys
 
[color=#A23BEC]< MD5 for: SPLITTER.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:splitter.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:splitter.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys
[2006/06/14 10:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=0CE218578FFF5F4F7E4201539C45C78F -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys
[2004/08/03 23:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtUninstallKB920872$\splitter.sys
[2006/06/14 10:50:20 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=9BB1DD670CB7505A90FC4E61D4AA8227 -- C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
[2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys
[2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\dllcache\splitter.sys
[2008/04/13 20:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys
 
[color=#A23BEC]< MD5 for: SWMIDI.SYS  >[/color]
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:swmidi.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys
[2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys
[2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\dllcache\swmidi.sys
[2008/04/13 20:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys
[2001/08/17 22:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2006/04/20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 12:45:14 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 18:20:56 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/05 05:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008/06/20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006/04/20 14:18:36 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: TDPIPE.SYS  >[/color]
[2004/08/05 05:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\dllcache\tdpipe.sys
[2008/04/14 04:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\TDPIPE.sys
 
[color=#A23BEC]< MD5 for: TDTCP.SYS  >[/color]
[2008/04/14 04:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys
[2008/04/14 04:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\dllcache\tdtcp.sys
[2008/04/14 04:34:54 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\TDTCP.sys
[2004/08/05 05:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys
 
[color=#A23BEC]< MD5 for: USBPRINT.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbprint.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:usbprint.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys
[2004/08/03 23:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A42369B7CD8886CD7C70F33DA6FCBCF5 -- C:\WINDOWS\$NtServicePackUninstall$\usbprint.sys
[2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys
[2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys
[2008/04/13 20:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbscan.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\i386\sp3.cab:usbscan.sys
[2004/08/05 05:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys
[2008/08/09 21:56:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys
[2008/04/13 20:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/03 22:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A6BC71402F4F7DD5B77FD7F4A8DDBA85 -- C:\WINDOWS\$NtServicePackUninstall$\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2004/08/05 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/05 05:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/07/21 16:55:26 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ATIDEMGX.dll
[533 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]

< End of report >


OTL scan "Extras.txt"
OTL Extras logfile created on: 11/12/2010 10:26:44 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Philippe\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
1 022,00 Mb Total Physical Memory | 505,00 Mb Available Physical Memory | 49,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 113,73 Gb Total Space | 14,74 Gb Free Space | 12,96% Space Free | Partition Type: FAT32
Drive D: | 114,22 Gb Total Space | 84,70 Gb Free Space | 74,15% Space Free | Partition Type: FAT32
 
Computer Name: ACER-MERLE | User Name: Philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe" %1 ()
https [open] -- "C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe" %1 ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe" = C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer -- (Acer Inc.)
"C:\Program Files\Acer\Acer eConsole\eConsole.exe" = C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole -- (Acer Inc.)
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe" = C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server -- (Acer Inc.)
"C:\Program Files\Microprose\Risk II\RiskII.exe" = C:\Program Files\Microprose\Risk II\RiskII.exe:*:Disabled:Risk II -- (Deep Red Games Ltd)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Documents and Settings\Philippe\Mes documents\ph-ma.merle\incredimail_install.exe" = C:\Documents and Settings\Philippe\Mes documents\ph-ma.merle\incredimail_install.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\MFP Server\App\Common\MFPAgent.exe" = C:\Program Files\MFP Server\App\Common\MFPAgent.exe:*:Enabled:MFP Agent -- (Edimax Technology Co., Ltd.)
"C:\Program Files\Microsoft Games\Age of Empires II\Empires2.Exe" = C:\Program Files\Microsoft Games\Age of Empires II\Empires2.Exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe" = C:\Program Files\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""J'ai trouvé c'est fantastique !"" = "J'ai trouvé c'est fantastique !"
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{09F55516-AC75-43EA-8127-292E5A28B7DF}" = Monster Trux Extreme - Offroad Edition
"{0B4C4652-A521-4696-BEE0-767D742727AD}" = INDEX EDUCATION - ProfNOTE 2010
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{1502B666-7CAC-4E5D-9D3E-C8DE9A85984F}" = Zapper Demo
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Les Sims Superstar
"{1B438221-AAD3-46F7-A834-950D7E466E8E}" = Napoleon
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{23A32D12-5C71-46F3-801D-A2896C2B6792}" = Jeu de Tarot
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{3310CCF2-AC56-11D5-9D5E-0050DA688E3B}" = Lucky Luke - Mini-Jeu
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3F900346-A316-BA88-B83C-2513F1260AD7}" = Reg (DOFUS Audio Subsystem)
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}" = OpenOffice.org 3.2
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{512D0FB7-4104-46BA-BE72-3A1633E7946C}" = Dolet Light for Finale 2004
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5DD31E03-4843-4352-9F8B-919430E80C98}" = INDEX EDUCATION - ProfNOTE 2008
"{5EBF7AAB-98C5-2C43-0844-4BD9B9FCA7AD}" = Dofus
"{623446F8-D2D4-4942-9CA2-9D71ED8B24E9}" = Football Generation
"{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}" = Acer eMode Management
"{66E9FF7E-E2A3-47F0-BB00-521071AF4C07}" = Micro Application - 3D Architecte Classic
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{7087A5CE-60AB-4C14-A4D9-5F1AAA699E97}" = Micro Application - Super Dactylo
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CC4631-B04D-4AD2-BA55-05EA00BD73B1}" = STK013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}" = Europa Universalis - Rome
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89985067-2EB5-450E-AA31-D598007533CC}" = Sudoku
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.17
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{B8A6F713-D72D-47AD-A92D-B5C0E13F98C1}" = NTI HomeVideo-Maker
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}" = MediaBar
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC1DFFF-FE49-4BEC-9E63-82D91A6FD2C8}" = Aplusix II
"{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}" = Digital Camera
"{D13FE823-C575-4451-AC37-E645A67AA581}_1.0.0.0" = OrangeInstaller version 1.0.0.0
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA076E9B-A0B9-07C5-1B5D-8147CF31AFB7}" = bayardKids
"{EB4D42D6-627A-424E-981F-1474AFF3CC29}" = ArcSoft MediaImpression SE for Kodak
"{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}" = Acer eConsole
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F79D122F-A2EF-4D9D-93FB-CA8ECF931AB8}" = Riding Star
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"4 LEAF CLOVERS" = LE TRÈFLE AUX 4 COULEURS
"4StoryFR_is1" = 4Story 1.5
"69083DC58646DE46A09847A522A1CC487F918039" = Package de pilotes Windows - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Package de pilotes Windows - Advanced Micro Devices, Inc. (USB28xxBGA) Media  (08/31/2007 5.7.0831.0)
"Adibou V.3.00 on C" = Adibou V.3.00 on C
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II : The Conquerors Expansion
"Alexandra Ledermann 4" = Alexandra Ledermann 4
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"AnalogX Scratch" = AnalogX Scratch
"AnumanLive" = AnumanLive
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Asterix at the Olympic Games" = Astérix aux Jeux Olympiques
"Atelier de géométrie 3D (V 1.01)_is1" = La Version 0101
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bayardKids.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1" = bayardKids
"Canon ScanGear Toolbox CS 2.2" = Canon ScanGear Toolbox CS 2.2
"Comment ça marche, volume 2" = Comment ça marche, volume 2
"Derive5" = Derive 5
"Dictees" = Micro Application - Dictées CM1 et CM2
"Digital Camera Driver" = Digital Camera Driver
"DMA2" = Disney Dessinez, c'est Disney 2
"Dofus 1.28.0" = Dofus 1.28.0
"Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Dofus
"Enjoy 6e" = Enjoy 6e
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Guide d'utilisation" = EPSON Stylus SX200_SX400_TX200_TX400 Manuel
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"Equestriad 2001" = Equestriad 2001
"ESCX6900F_DX7000F Guide util." = ESCX6900F_DX7000F Guide util.
"EW : Cossacks" = Cossacks - European Wars
"Finale 2004b FR" = Finale 2004b FR
"Finale 2008" = Finale 2008
"Foxit Reader" = Foxit Reader
"FrançaisCE1" = FranCE1
"FranceTelecomUninstall_FTBrowser" = Navigateur Orange
"GameSpy Arcade" = GameSpy Arcade
"Garritan Instruments for Finale" = Garritan Instruments for Finale
"GeoGebra" = GeoGebra
"GeoLicia_is1" = GeoLicia 1.1
"GestionnaireInternet.exe" = Gestionnaire Internet
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"INFORAD MANAGER_is1" = INFORAD MANAGER 3.4
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MailNotifier" = Notification Mail
"MathématiquesCE1" = MathCE1
"Media Reader 1.02" = USB Media Reader
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orange WebTV Player_is1" = Orange WebTV Player 1.28971
"OrangeToolbarFR" = barre d'outils Orange
"PC Scrabble ®" = PC Scrabble ®
"PhoTagsExpress" = PhoTags Express
"QuickTime 3.0" = QuickTime 3.0
"Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1" = Reg (DOFUS Audio Subsystem)
"Rise of Atlantis Free Trial_is1" = Rise of Atlantis Free Trial
"RRF.exe" = Lapin Malin Cours Préparatoire
"Samsung_SEDG" = Samsung Video Codec 1.2.5009 Uninstall
"Scratch" = Scratch
"Sunplus CA533A" = Icatch(IV) Camera Driver
"Tir aux lapins" = Micro Application - Tir aux Lapins
"Votre décorateur d'intérieur 3D_is1" = Votre décorateur d'intérieur 3D
"Waterloo - La dernière bataille de Napoléon" = Waterloo - La dernière bataille de Napoléon
"Westward" = Westward
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra" = GeoGebra
"Midnight Racing" = Midnight Racing
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 06/12/2010 10:54:19 | Computer Name = ACER-MERLE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
 CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
 la vérification par rapport à l'horloge système en cours ou le tampon daté dans
 le fichier signé. 
 
Error - 07/12/2010 08:14:28 | Computer Name = ACER-MERLE | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
 styleihm.dll, version 11.0.0.0, adresse de défaillance 0x000659f2.
 
Error - 07/12/2010 08:14:40 | Computer Name = ACER-MERLE | Source = Application Error | ID = 1000
Description = Application défaillante woobrowser.exe, version 5.9.2.0, module défaillant
 styleihm.dll, version 11.0.0.0, adresse de défaillance 0x0000b894.
 
Error - 10/12/2010 15:42:28 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
Error - 10/12/2010 15:45:46 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
Error - 10/12/2010 15:45:47 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
Error - 10/12/2010 15:47:01 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
Error - 10/12/2010 15:53:28 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
Error - 10/12/2010 16:04:38 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
Error - 10/12/2010 16:08:03 | Computer Name = ACER-MERLE | Source = VSS | ID = 4001
Description = Erreur du service de cliché instantané des volumes : impossible de
 trouver des zones diff pour la création des copies.  Ajoutez au moins un lecteur
NTFS au système avec assez d'espace libre.  L'espace libre requis est d'au moins 100
 Mo pour chaque volume à sauvegarder ou cliché instantané à prendre.
 
[ System Events ]
Error - 07/12/2010 03:29:09 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 07/12/2010 03:29:09 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service Icatch(IV) Video Camera Device n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 08/12/2010 09:45:15 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 08/12/2010 09:45:15 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service Icatch(IV) Video Camera Device n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 09/12/2010 02:45:41 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 09/12/2010 02:45:41 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service Icatch(IV) Video Camera Device n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 10/12/2010 14:11:50 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 10/12/2010 14:11:50 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service Icatch(IV) Video Camera Device n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 11/12/2010 03:52:44 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service MFP Server Enhanced Controller n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
Error - 11/12/2010 03:52:44 | Computer Name = ACER-MERLE | Source = Service Control Manager | ID = 7000
Description = Le service Icatch(IV) Video Camera Device n'a pas pu démarrer en raison
 de l'erreur :   %%1058
 
 
< End of report >


Hidden objects according to ANTIVIR (there are 9 of them, so that's suspicious)
Code: Select all
La recherche d'objets cachés commence.
HKEY_LOCAL_MACHINE\Software\acer\MediaServerService\runningupdate
    [REMARQUE]  L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
    [REMARQUE]  L'entrée d'enregistrement n'est pas visible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\display string
    [REMARQUE]  L'entrée d'enregistrement n'est pas visible.
HKEY_USERS\S-1-5-21-105346895-2759899334-2448257181-1006\Software\SecuROM\License information\datasecu
    [REMARQUE]  L'entrée d'enregistrement n'est pas visible.
HKEY_USERS\S-1-5-21-105346895-2759899334-2448257181-1006\Software\SecuROM\License information\rkeysecu
    [REMARQUE]  L'entrée d'enregistrement n'est pas visible.
c:\program files\wanadoo\shell.exe
c:\Program Files\Wanadoo\Shell.exe
    [REMARQUE]  Le processus n'est pas visible.
c:\program files\wanadoo\shell.exe
c:\program files\wanadoo\shell.exe
c:\program files\wanadoo\woobrowser\woobrowser.exe
c:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe
    [REMARQUE]  Le processus n'est pas visible.


Thanks for your help!
pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29


Re: Virus?

Posted 11 Dec 2010 11:42

Hi

You are infected.

Download

AD-REMOVER

ILLUSTRATED HELP

If you are on Vista or Windows 7:
You must disable UAC for the duration of the disinfection.
If you have TeaTimer, Spybot's resident protection, disable it because it may interfere with the disinfection:
Start Spybot, click Mode, check Advanced mode.
On the left, click Tools, then Resident.
Uncheck the box in front of Resident "TeaTimer", then quit Spybot.
Disconnect from the internet and close all running applications.
Double-click the installer;
Click Download and save it to your desktop.
Double-click the AD-Remover icon on your desktop.

** On Vista: right-click, "Run as administrator". In the main menu, choose the "Nettoyer" (Clean) option.
A window asks you to confirm your action ("Confirmez-vous votre action"); click Yes ("Oui").
The tool starts its search… Let it work!
When the scan is finished, a window will appear.
Post (copy and paste) the report that appears at the end.
You will also find the report at C:\Ad-report(date).log

CTRL+A to select all, CTRL+C to copy and CTRL+V to paste


Note:
"Process.exe" is a component of the tool and may be detected by some antivirus programs as an infection; ignore this: it is a false positive.
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Re: Virus?

Posted 11 Dec 2010 11:45

hello,

yes, you are infected, Del will take care of you


  • Can you please go to the first message you posted in order to change the title of your topic (thread).
  • To do so, click the "EDIT" icon and type this new title: Infected by Navipromo.
  • Confirm by clicking "Submit"

:wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Re: Infected by Navipromo

Posted 11 Dec 2010 12:09

I'm starting the scan
pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29


Re: Infected by Navipromo

Posted 11 Dec 2010 12:38

Hello,

A few words:
pierreyves258 wrote: I think I have a virus ...
At last, the compulsive clicking has finally spoken :lol: :lol:
pierreyves258 wrote: is UAC the antivirus?
Here we go!! Do a little research :evil: :roll:
You are on XP & UAC does not exist on that OS... & of course, we continue with
pierreyves258 wrote: how do I know if I have TeaTimer
By reading the replies you are given. Del crosseur wrote to you:
Del-crosseur wrote: If you have TeaTimer, Spybot's resident protection
It's all in those nine words.

Don't reply to me, it would be completely pointless, but read & carry out the instructions you are given.

Good luck Del, you're in for about 4 or 5 weeks with pierreyves258
Ask to Old Man
Moderator
Posts: 19970
Joined: 14 Mar 2004 10:06
Location: Argenteuil, Val d'Oise


Re: Infected by Navipromo

Posted 11 Dec 2010 12:39

Here is the report
(a 38-second scan, that's fast ^^)

Code: Select all
======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/12/10 à 10:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:37:02 le 11/12/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Philippe@ACER-MERLE ( )
 
============== RECHERCHE ==============


Fichier trouvé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Documents and Settings\Philippe\Local Settings\Application Data\AskToolbar
Dossier trouvé: C:\Program Files\Winletmin

Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}
Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\AskToolbar
Clé trouvée: HKCU\Software\Lanconfig
Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MessengerSkinner
Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé trouvée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F

Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|yrsyqdo
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 11/12/2010 (697 Octet(s))

Fin à: 12:37:45, 11/12/2010
 
============== E.O.F ==============
pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29


Re: Infected by Navipromo

Posted 11 Dec 2010 12:45

Ask to Old Man wrote: Good luck Del, you're in for about 4 or 5 weeks with pierreyves258


LOL, I think so :lol:

@ pierreyves258

Run AD-REMOVER again, but this time choose the "Nettoyer" (Clean) option ;)
Post the resulting report...
Del-crosseur
Expert
Posts: 1833
Joined: 08 Jun 2009 06:46
Location: Nord-(59)


Re: Infected by Navipromo

Posted 11 Dec 2010 12:45

Oh come on, it's fine now, I've done the scan, what do I do?
pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29


Re: Infected by Navipromo

Posted 11 Dec 2010 12:49

hello,


just butting in...

read DEL's instructions carefully...
In the main menu, choose the "Nettoyer" (Clean) option.


you chose "SCAN"; start again with "Nettoyer" (Clean) and post the report for DEL
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Re: Infected by Navipromo

Posted 11 Dec 2010 12:56

Really sorry, I'll read your messages!


here is the report
Code: Select all
======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 08/12/10 à 10:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:50:01 le 11/12/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Philippe@ACER-MERLE ( )
 
============== ACTION(S) ==============


Fichier supprimé: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Dossier supprimé: C:\Program Files\Ask.com
Dossier supprimé: C:\Documents and Settings\Philippe\Local Settings\Application Data\AskToolbar
Dossier supprimé: C:\Program Files\Winletmin

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé supprimée: HKLM\Software\Classes\CLSID\{C45B1500-7B63-47C2-AB25-C28CB46AFDEE}
Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé supprimée: HKLM\Software\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AskToolbar
Clé supprimée: HKCU\Software\Lanconfig
Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\MessengerSkinner
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\62119EF862C6B3A0D853419B87EB3E2F6C78640A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé supprimée: HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|yrsyqdo
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 18 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 11/12/2010 (5349 Octet(s))
C:\Ad-Report-CLEAN[1].txt - 11/12/2010 (750 Octet(s))

Fin à: 12:51:01, 11/12/2010
 
============== E.O.F ==============
pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29

Re: Infected by Navipromo

Posted 11 Dec 2010 13:04

Very good

Download Navilog

* On Windows Vista: right-click the Navilog1 icon on your desktop and choose "Run as administrator"
* On Windows XP/2000: double-click the Navilog1 icon on your desktop.

You must choose the language. For French, press the letter F on the keyboard, then Enter to confirm the choice.

* Double-click the file navilog1.bat (the .bat may not be shown, in which case you will only see navilog1).
* A black window similar to the one below opens.
* Press a key to go to the next step
* The next step checks that you have properly extracted the archive. If not, execution stops here.
* Check that you have extracted navilog1.zip ENTIRELY onto your desktop.
* Press a key to go to the next step
* The fix menu then opens.
* Choose option 1: press the 1 key on your keyboard, then press the Enter key.
* The system check then runs... This can take several minutes (5 to 10 min); be patient and do not touch anything.
* Messages like the ones below may appear.

If the infection is present and detected, you may get this message telling you that the computer needs to be restarted.
As the message says, the restart is automatic, but if the computer does not restart automatically, restart it manually.
The infection is then removed at restart; press a key.
At this stage, if you have followed the steps correctly, your computer is disinfected of Magic.Control
The disinfection report is created on the desktop and is named cleanavi.txt
Save this report to your desktop.

* Copy/paste the contents of this report

EDIT: If you run into problems or .. I invite you to consult this superb tutorial with pictures
Del-crosseur
Expert
Posts: 1833
Joined: 08 June 2009 06:46
Location: Nord-(59)

Re: Infected by Navipromo

Posted 11 Dec 2010 13:15

Here is the report

Code:
Fix Navipromo version 4.0.9 commencé le 11/12/2010 13:09:06,68

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 24.11.2010 à 16h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Philippe ( Administrator )
BOOT : Normal boot

Antivirus : AntiVir Desktop 10.0.1.52 (Activated)
Firewall  : Norton Internet Worm Protection 2006 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:113 Go (Free:16 Go)
D:\ (Local Disk) - FAT32 - Total:114 Go (Free:84 Go)
E:\ (CD or DVD)
F:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\philippe\locals~1\applic~1\ykchslwbdf.dat supprimé !
c:\docume~1\philippe\locals~1\applic~1\ykchslwbdf_m2s.zl supprimé !
c:\docume~1\philippe\locals~1\applic~1\ykchslwbdf_s2m.xml supprimé !
c:\docume~1\philippe\locals~1\applic~1\ykchslwbdf_s2m.zl supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Philippe\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 11/12/2010 13:12:33,26 ***

pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29

Re: Infected by Navipromo

Posted 11 Dec 2010 13:21

Cool ;)

Finish the cleanup

You can uninstall navilog1 by deleting the file Navilog1.Exe and the folder C:\Program Files\Navilog1

Finally, to finish:

* Click the Start menu, then Control Panel
* Double-click Internet Options
* Click the Content tab, then Certificates; in the Trusted Publishers column, delete if present:

--electronic-group
--egroup
--Montorgueil
--VIP
--« Sunny Day Design Ltd »

Then:

Install:

Malwarebytes' Antimalware

*** Update it, then choose Run a full scan

*** If an infection is found, tick the box next to it and confirm with the Remove Selected tab

Post the final report.

*** It is advisable to disable Tea-Timer if you have Spybot-S&D, just for the duration of the scan.

Here is how: launch Spybot-S&D, switch to Advanced mode via the Mode menu (at the top) --> click Yes --> choose Tools in the navigation bar on the left --> Resident, and there you can untick the boxes in front of the two tools.
Del-crosseur
Expert
Posts: 1833
Joined: 08 June 2009 06:46
Location: Nord-(59)

Re: Infected by Navipromo

Posted 11 Dec 2010 14:08

I downloaded Malwarebytes' Antimalware, then updated it and launched the scan as you told me, but I was nearby and wasn't watching, and I don't know whether it is normal or whether the scan had finished, but the computer restarted and ran a check at startup, like when you press the button to switch it off abruptly ... is that normal? Should I run a scan again?
pierreyves258
Expert
Posts: 1139
Joined: 30 Oct 2010 18:29

Re: Infected by Navipromo

Posted 11 Dec 2010 15:07

Relaunch MBAM, then go to the "Reports/Logs" tab and see whether you have a report.
If not, run it again with a full scan and stay next to the PC. ;-)
Del-crosseur
Expert
Posts: 1833
Joined: 08 June 2009 06:46
Location: Nord-(59)
